PatchSiren cyber security CVE debrief
CVE-2024-40916 Siemens CVE debrief
This CVE affects the drm/exynos HDMI driver in the Linux kernel. When the EDID read fails and the driver reports no available modes, the DRM core adds an artificial 1024x786 mode to the connector. The fix makes the driver report a safe 640x480 mode as its own fallback instead, so the core's default is never used. Siemens lists this CVE as affecting certain industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE X-family switches. Advisory coverage of the CVE was first published on August 12, 2025, with updates through February 25, 2026 that clarified affected product configurations and removed rejected CVEs from the advisory.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 4.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations operating Siemens industrial networking infrastructure, particularly those using RUGGEDCOM RST2428P switches or SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices in critical infrastructure or manufacturing environments. Security teams responsible for OT/ICS asset management and vulnerability tracking should track this wherever the affected SINEC OS firmware is deployed. Because the flaw lives in an HDMI display driver, exposure on a network switch depends on whether the SINEC OS build ships that kernel component; treat the Siemens advisory's affected-product list as authoritative rather than inferring exposure from the CVE text alone.
Technical summary
The vulnerability exists in the drm/exynos HDMI driver within the Linux kernel's Direct Rendering Manager (DRM) subsystem. When Extended Display Identification Data (EDID) cannot be read from the attached sink, typically because of a cabling or hardware problem, the driver's get_modes callback returns no modes. The DRM core then fills the connector with an artificial 1024x786 fallback mode. Some Exynos HDMI variants cannot drive that mode, so leaving the choice to the core puts the connector in a mode the hardware cannot output. The fix has the driver report a safe 640x480 mode itself when no EDID is found, so the core's generic fallback is never reached. The flaw is relevant to Siemens industrial networking products running SINEC OS that ship the affected kernel component, including the RUGGEDCOM RST2428P and various SCALANCE X-family switches used in industrial automation environments.
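To make concrete what "EDID reading fails" means and how the two fallback policies differ, the following added example (not kernel code and not Siemens code) validates an EDID base block the way a driver does before trusting it (the fixed 8-byte header and the byte-sum checksum), decodes the preferred mode from the first detailed timing descriptor, and then models both policies: the core's EDID-less fallback, assumed here to be bounded at 1024x768 (the standard DMT size; the CVE record quotes 1024x786), versus the fixed driver's own 640x480 fallback. The DMT_SUBSET table, the Mode type and the build_edid() helper are assumptions of this example, and the EDID block it feeds itself is constructed, not captured from hardware.

```python
"""EDID base-block validation and mode fallback, written as an added example
for this debrief. Not kernel code, not Siemens code; the DMT subset, Mode type
and build_edid() helper are assumptions, and every EDID block is constructed."""
from dataclasses import dataclass
from typing import List, Optional

EDID_HEADER = bytes([0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00])
EDID_BLOCK_SIZE = 128
DTD_OFFSET = 54        # first detailed timing descriptor in the base block
DTD_SIZE = 18

# Assumed small subset of the VESA DMT table that an EDID-less fallback draws
# from: (width, height, refresh Hz). The real table is much longer.
DMT_SUBSET = [(640, 480, 60), (800, 600, 60), (1024, 768, 60)]


@dataclass(frozen=True)
class Mode:
    hdisplay: int
    vdisplay: int
    pixel_clock_khz: int


def edid_valid(block: bytes) -> bool:
    """The two checks a driver makes before trusting a block: the fixed
    8-byte header and the checksum rule that all 128 bytes sum to 0 mod 256."""
    return (len(block) == EDID_BLOCK_SIZE
            and block[:8] == EDID_HEADER
            and sum(block) % 256 == 0)


def preferred_mode(block: bytes) -> Optional[Mode]:
    """Decodes the first detailed timing descriptor. A descriptor whose pixel
    clock field is zero is a monitor descriptor, not a timing, so return None."""
    d = block[DTD_OFFSET:DTD_OFFSET + DTD_SIZE]
    clock = (d[0] | (d[1] << 8)) * 10          # field is stored in 10 kHz units
    if clock == 0:
        return None
    hactive = d[2] | ((d[4] & 0xF0) << 4)       # low 8 bits + high nibble
    vactive = d[5] | ((d[7] & 0xF0) << 4)
    return Mode(hactive, vactive, clock)


def fallback_modes(max_w: int, max_h: int) -> List[Mode]:
    """Shape of an EDID-less fallback: every DMT entry that fits in max_w x max_h.
    Pixel clock is left at 0 because the assumed subset omits it."""
    return [Mode(w, h, 0) for (w, h, _) in DMT_SUBSET if w <= max_w and h <= max_h]


def get_modes(block: Optional[bytes], safe_fallback: bool) -> List[Mode]:
    """safe_fallback=False: the driver reports nothing on EDID failure and the
    core fills in modes up to 1024x768 (the behaviour the fix avoids).
    safe_fallback=True: the driver itself reports only modes up to 640x480."""
    if block is not None and edid_valid(block):
        m = preferred_mode(block)
        if m is not None:
            return [m]
    if safe_fallback:
        return fallback_modes(640, 480)
    return fallback_modes(1024, 768)


def build_edid(hactive: int, vactive: int, pixel_clock_khz: int) -> bytes:
    """Constructs a syntactically valid EDID 1.4 base block carrying one timing
    descriptor. Test data for this example only, not a capture from a device."""
    b = bytearray(EDID_BLOCK_SIZE)
    b[0:8] = EDID_HEADER
    b[18], b[19] = 1, 4                          # EDID version 1.4
    hblank, vblank = 280, 45                     # arbitrary blanking values
    clk = pixel_clock_khz // 10
    dtd = bytes([clk & 0xFF, clk >> 8,
                 hactive & 0xFF, hblank & 0xFF, ((hactive >> 8) << 4) | (hblank >> 8),
                 vactive & 0xFF, vblank & 0xFF, ((vactive >> 8) << 4) | (vblank >> 8)])
    b[DTD_OFFSET:DTD_OFFSET + DTD_SIZE] = dtd + bytes(DTD_SIZE - len(dtd))
    b[127] = (-sum(b[:127])) % 256               # make the block sum to 0 mod 256
    return bytes(b)


if __name__ == "__main__":
    good = build_edid(1920, 1080, 148500)
    bad = bytearray(good)
    bad[20] ^= 0xFF                              # one flipped byte breaks the checksum
    print("valid EDID        ->", get_modes(good, True))
    print("core fallback     ->", get_modes(bytes(bad), False))
    print("driver fallback   ->", get_modes(bytes(bad), True))
```

The corrupted block fails edid_valid() exactly as a failed I2C read would, and the two calls at the bottom show the difference the fix makes: the core-driven path hands the connector modes up to 1024x768, while the driver-driven path never offers anything above 640x480.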
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for affected product configurations and patch availability
- Verify if SINEC OS-based devices in your environment are running vulnerable kernel versions
- Apply vendor-provided firmware updates for affected RUGGEDCOM and SCALANCE products when available
- Monitor CISA ICS advisories for additional guidance on industrial control system security practices
- Implement network segmentation for industrial control systems per CISA recommended practices
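The first three actions above come down to one check: does the CSAF document behind the Siemens advisory list the exact model and firmware version you run, and under which product_status? The following added example (not Siemens ProductCERT or CISA code) walks a CSAF 2.0 product_tree, matches inventory rows by model number and version, and reports the status and any vendor_fix remediation per asset. The embedded advisory and inventory are constructed: its product IDs, the "vers:all/<3.1" range, the 3.1 fixed version and the remediation text are placeholders and do not reproduce SSA-355557 or ICSA-25-226-07.

```python
"""Check an asset inventory against a CSAF 2.0 advisory's product_status.
Added example for this debrief, not Siemens ProductCERT or CISA code. The
advisory below is CONSTRUCTED: product IDs, version range and remediation text
are placeholders and do not reproduce SSA-355557 or ICSA-25-226-07."""
import json
import re
from typing import Iterator, Optional

CONSTRUCTED_CSAF = json.loads("""
{
  "document": {"title": "Constructed example advisory", "tracking": {"id": "SSA-EXAMPLE"}},
  "product_tree": {"branches": [
    {"category": "vendor", "name": "Siemens", "branches": [
      {"category": "product_name", "name": "RUGGEDCOM RST2428P", "branches": [
        {"category": "product_version_range", "name": "vers:all/<3.1",
         "product": {"product_id": "CSAFPID-0001", "name": "RUGGEDCOM RST2428P vers:all/<3.1",
                     "product_identification_helper": {"model_numbers": ["6GK6242-6PA00"]}}},
        {"category": "product_version", "name": "3.1",
         "product": {"product_id": "CSAFPID-0002", "name": "RUGGEDCOM RST2428P 3.1",
                     "product_identification_helper": {"model_numbers": ["6GK6242-6PA00"]}}}
      ]}
    ]}
  ]},
  "vulnerabilities": [
    {"cve": "CVE-2024-40916",
     "product_status": {"known_affected": ["CSAFPID-0001"], "fixed": ["CSAFPID-0002"]},
     "remediations": [{"category": "vendor_fix", "product_ids": ["CSAFPID-0001"],
                       "details": "Placeholder: update to the fixed version"}]}
  ]
}
""")

# Constructed inventory rows: the model number from the device label and the
# firmware version string the device reports.
CONSTRUCTED_INVENTORY = [
    {"hostname": "rst-ring-01", "model_number": "6GK6242-6PA00", "version": "3.0.2"},
    {"hostname": "rst-ring-02", "model_number": "6GK6242-6PA00", "version": "3.1"},
    {"hostname": "edge-other-01", "model_number": "0000-PLACEHOLDER", "version": "1.0"},
]

# Worst status first: an asset matched by several product IDs is reported with
# the most severe listing, so a conflicting entry never hides an affected device.
STATUS_PRIORITY = ("known_affected", "under_investigation", "fixed", "known_not_affected")


def iter_products(branches: list, path: tuple = ()) -> Iterator[dict]:
    """Flattens the nested product_tree into one record per product_id."""
    for b in branches:
        here = path + (b.get("name", ""),)
        if "product" in b:
            p = b["product"]
            helper = p.get("product_identification_helper", {})
            yield {"product_id": p["product_id"], "category": b["category"],
                   "spec": b["name"], "path": here,
                   "model_numbers": helper.get("model_numbers", [])}
        yield from iter_products(b.get("branches", []), here)


def _vtuple(s: str) -> tuple:
    return tuple(int(x) for x in re.findall(r"\d+", s))


def version_matches(category: str, spec: str, version: str) -> bool:
    """Handles exact product_version branches and the single-bound
    'vers:all/<op>N' range form; anything else raises instead of guessing."""
    if category == "product_version":
        return _vtuple(spec) == _vtuple(version)
    if category != "product_version_range":
        return False
    constraint = spec.split("/", 1)[1] if spec.startswith("vers:") else spec
    if constraint == "*":
        return True
    m = re.fullmatch(r"(<=|>=|<|>|=)?V?([\d.]+)", constraint)
    if not m:
        raise ValueError(f"unsupported version range: {spec!r}")
    op, bound, v = m.group(1) or "=", _vtuple(m.group(2)), _vtuple(version)
    return {"<": v < bound, "<=": v <= bound, ">": v > bound,
            ">=": v >= bound, "=": v == bound}[op]


def assess(csaf: dict, cve: str, asset: dict) -> dict:
    """Returns the asset's product_status for one CVE plus any vendor_fix text."""
    vuln = next((v for v in csaf.get("vulnerabilities", []) if v.get("cve") == cve), None)
    if vuln is None:
        return {"hostname": asset["hostname"], "status": "cve-not-in-advisory", "remediation": None}
    matched = [p["product_id"] for p in iter_products(csaf["product_tree"]["branches"])
               if asset["model_number"] in p["model_numbers"]
               and version_matches(p["category"], p["spec"], asset["version"])]
    status = next((s for s in STATUS_PRIORITY
                   if any(pid in vuln.get("product_status", {}).get(s, []) for pid in matched)),
                  "not-listed")
    fix: Optional[str] = next((r["details"] for r in vuln.get("remediations", [])
                               if r.get("category") == "vendor_fix"
                               and any(pid in r.get("product_ids", []) for pid in matched)), None)
    return {"hostname": asset["hostname"], "status": status, "remediation": fix}


if __name__ == "__main__":
    for asset in CONSTRUCTED_INVENTORY:
        print(assess(CONSTRUCTED_CSAF, "CVE-2024-40916", asset))
```

Point assess() at the real CSAF JSON downloaded from Siemens ProductCERT or the CISA CSAF feed and at your own inventory export; the match is deliberately on model number plus version rather than on free-text product names, and the version parser refuses range syntax it does not understand rather than silently reporting "not-listed".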
Evidence notes
CVE description indicates Linux kernel drm/exynos HDMI driver issue. CISA ICS advisory ICSA-25-226-07 and Siemens ProductCERT SSA-355557 identify affected industrial control products. Advisory revision history shows multiple updates through February 2026 to correct affected product lists and clarify configurations.
Official resources
- CVE-2024-40916 CVE record (CVE.org)
- CVE-2024-40916 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12