PatchSiren cyber security CVE debrief
CVE-2024-40934 Siemens CVE debrief
This CVE covers a memory leak in the Linux kernel's HID driver for Logitech DJ receivers (hid-logitech-dj), in `logi_dj_recv_switch_to_dj_mode()`. When `logi_dj_recv_send_report()` fails, the vulnerable error path returns without freeing the report buffer allocated earlier in the function, so each failed call leaks a small kernel allocation and repeated failures exhaust memory over time. Siemens lists the vulnerability as affecting industrial networking products that ship the affected kernel component, including the RUGGEDCOM RST2428P and SCALANCE X family switches running SINEC OS. CISA advisory ICSA-25-226-07, published August 12, 2025, tracks it as part of a broader third-party component assessment; the advisory was revised substantially in February 2026, removing several rejected CVEs and clarifying affected product configurations. The CSAF threat data labels the impact 'Misinformed'; the stored evidence does not define that label, so no conclusion about exploitability is drawn from it here. The summary fields below carry a CVSS base score of 4.4 (Medium).
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 4.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Administrators of Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, or SCALANCE XCM-/XRM-/XCH-/XRH-300 family switches; industrial control system security teams; organizations running SINEC OS in OT/ICS networks; vulnerability management programs that track third-party component security in embedded systems.
Technical summary
The vulnerability exists in the Linux kernel's HID driver for Logitech DJ receivers (hid-logitech-dj). `logi_dj_recv_switch_to_dj_mode()` allocates a `struct dj_report`, fills in the mode-switch command and hands it to `logi_dj_recv_send_report()`; in the vulnerable code a failure of that call returned immediately instead of jumping to the function's cleanup label, so the allocation was never freed. The upstream fix routes the error path through the common cleanup that calls kfree(). This is a resource-release defect (CWE-404: Improper Resource Shutdown or Release; the concrete pattern is a memory leak, CWE-401). The leaking path is reachable only while the driver is handling an attached Logitech receiver and the report transmission fails, and each failure leaks one small allocation, so the practical effect is gradual kernel memory exhaustion (denial of service) rather than memory corruption or code execution. In the Siemens context the affected code ships inside the SINEC OS kernel on the listed industrial Ethernet switches. The CSAF threat data labels the impact 'Misinformed'; the stored evidence does not define that label, so the practical impact in the listed products cannot be confirmed from the available sources.
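The following is an added, userspace reconstruction of the leak pattern described above, written for this debrief; it is not the kernel's hid-logitech-dj.c. kzalloc/kfree are replaced by counted calloc/free so the leak becomes measurable, the HID transport (`logi_dj_recv_send_report()`) is replaced by a stub whose failure is forced through a hypothetical `send_fails` flag, and the report field values are illustrative. The two functions differ only in how the error branch exits, which is the substance of the upstream fix.

```c
/* Userspace reconstruction of the CVE-2024-40934 leak pattern (illustrative,
 * not the kernel driver). kzalloc/kfree -> counted calloc/free; the HID
 * transport -> a stub whose failure the caller controls. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Allocation bookkeeping: stands in for the kernel's slab accounting. */
static int live_allocs;

static void *counted_zalloc(size_t n)
{
	void *p = calloc(1, n);
	if (p)
		live_allocs++;
	return p;
}

static void counted_free(void *p)
{
	if (p) {
		live_allocs--;
		free(p);
	}
}

/* Minimal report layout; field names follow the driver, sizes are illustrative. */
struct dj_report {
	unsigned char report_id;
	unsigned char device_index;
	unsigned char report_type;
	unsigned char report_params[12];
};

/* Stub for logi_dj_recv_send_report(). `fail` is a hypothetical test hook
 * standing in for the transport error the real driver sees when the
 * receiver rejects or times out on the request. */
static int send_report_stub(const struct dj_report *report, int fail)
{
	(void)report;
	return fail ? -EIO : 0;
}

/* Shape of the pre-fix function: the error branch returns directly,
 * so the buffer allocated above it is never released. */
static int switch_to_dj_mode_leaky(int send_fails)
{
	struct dj_report *dj_report = counted_zalloc(sizeof(*dj_report));
	int retval;

	if (!dj_report)
		return -ENOMEM;

	dj_report->report_id = 0x20;     /* short DJ report id, illustrative */
	dj_report->device_index = 0xff;  /* receiver index, illustrative */
	dj_report->report_type = 0x80;   /* "switch mode" command, illustrative */

	retval = send_report_stub(dj_report, send_fails);
	if (retval)
		return retval;           /* BUG: dj_report leaked on this path */

	counted_free(dj_report);
	return 0;
}

/* Shape of the fixed function: every exit, including the error branch,
 * goes through one cleanup label that frees the buffer. */
static int switch_to_dj_mode_fixed(int send_fails)
{
	struct dj_report *dj_report = counted_zalloc(sizeof(*dj_report));
	int retval;

	if (!dj_report)
		return -ENOMEM;

	dj_report->report_id = 0x20;
	dj_report->device_index = 0xff;
	dj_report->report_type = 0x80;

	retval = send_report_stub(dj_report, send_fails);
	if (retval)
		goto out;                /* fixed: still reaches the free below */

	/* the real driver does further work with the buffer here */
out:
	counted_free(dj_report);
	return retval;
}

/* Call `fn` `rounds` times with a failing transport and return how many
 * allocations are still live afterwards: the per-failure leak count. */
static int leaked_after(int (*fn)(int), int rounds)
{
	int before = live_allocs;

	for (int i = 0; i < rounds; i++)
		fn(1);
	return live_allocs - before;
}

int main(void)
{
	printf("leaky variant: %d buffers leaked over 1000 failed switches\n",
	       leaked_after(switch_to_dj_mode_leaky, 1000));
	printf("fixed variant: %d buffers leaked over 1000 failed switches\n",
	       leaked_after(switch_to_dj_mode_fixed, 1000));
	return 0;
}
```

The leaky variant leaks exactly one buffer per failed call and the fixed variant none, which is why the real defect only matters when the failing path is hit repeatedly; a single failure costs one small allocation.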
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for detailed affected product configurations and patch availability
- Verify kernel version on affected SINEC OS deployments and apply vendor-provided updates
- Monitor system memory utilization on affected industrial switches for signs of resource exhaustion
- Implement network segmentation for industrial control systems per CISA recommended practices
- Subscribe to Siemens ProductCERT and CISA ICS advisories for future updates on this vulnerability
Evidence notes
Memory leak vulnerability in Linux HID Logitech DJ driver; affects Siemens industrial networking products via SINEC OS; classified as 'Misinformed' impact in CSAF threat data; advisory revised multiple times with product scope clarifications
Official resources
- CVE-2024-40934 CVE record (CVE.org)
- CVE-2024-40934 NVD detail (NVD)
- Source item: CISA CSAF (cisa_csaf)
2025-08-12