PatchSiren cyber security CVE debrief
CVE-2024-40931 Siemens CVE debrief
CVE-2024-40931 is a MEDIUM severity vulnerability (CVSS 5.5) in the Linux kernel's Multipath TCP (MPTCP) implementation. The issue involves improper initialization of the snd_una (send unacknowledged) sequence number during connection establishment, which could lead to incorrect TCP state handling. The vulnerability was published on 2025-08-12 and last modified on 2026-02-25. Siemens has identified this CVE as affecting their RUGGEDCOM RST2428P and SCALANCE networking products that incorporate affected third-party Linux components, as documented in their ProductCERT advisory SSA-355557. CISA republished this advisory as ICSA-25-226-07. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, and no known ransomware campaign use has been reported.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P switches or SCALANCE XC/XR/XCM/XRM/XCH/XRH series industrial Ethernet switches should prioritize assessment. System integrators and operators of industrial control system (ICS/OT) environments using SINEC OS-based devices are also affected. Network administrators responsible for critical infrastructure communications should evaluate exposure, particularly where MPTCP is enabled for high-availability network paths. Security teams in manufacturing, energy, transportation, and other OT sectors should coordinate with engineering teams to verify device inventories and patch status.
Technical summary
This vulnerability exists in the Multipath TCP (MPTCP) implementation within the Linux kernel. The snd_una (send unacknowledged) field is not properly initialized during the connection setup phase, which can result in incorrect sequence number tracking and potential TCP state machine issues. MPTCP is an extension to standard TCP that enables the use of multiple paths for a single network connection, commonly used in industrial networking equipment for redundancy and load balancing. The improper initialization could lead to connection failures, data transmission errors, or in certain scenarios, protocol state confusion that might be exploitable for denial of service or traffic manipulation.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for affected product configurations and patch availability
- Apply vendor-provided firmware updates for RUGGEDCOM RST2428P and SCALANCE devices when available
- Monitor network traffic for anomalous MPTCP connection behavior if MPTCP is enabled on affected devices
- Consider disabling MPTCP if not required for operational functionality as a risk reduction measure
- Follow CISA ICS recommended practices for defense-in-depth strategies for industrial control systems
Evidence notes
The vulnerability description 'mptcp: ensure snd_una is properly initialized on connect' indicates a kernel-level TCP implementation flaw. Siemens ProductCERT SSA-355557 and CISA ICSA-25-226-07 identify affected products including RUGGEDCOM RST2428P (6GK6242-6PA00) and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices. The advisory was republished by CISA on 2026-02-25 based on updated Siemens guidance. The threat category is marked as 'Misinformed' in the CSAF data, suggesting potential for protocol confusion or state desynchronization attacks.
Official resources
- CVE-2024-40931 CVE record (CVE.org)
- CVE-2024-40931 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2025-08-12