PatchSiren cyber security CVE debrief
CVE-2024-40942 Siemens CVE debrief
CVE-2024-40942 is a memory leak vulnerability in the Linux kernel's mac80211 wireless subsystem, specifically affecting mesh networking functionality. The flaw occurs in the Hybrid Wireless Mesh Protocol (HWMP) code where mesh_preq_queue objects are added to a list in ieee80211_if_mesh to track mesh paths (mpath) requiring resolution. When an mpath is deleted—for example, when a mesh interface is removed—the corresponding entries in this list are never cleaned up, resulting in a memory leak. Siemens has assessed this vulnerability as having no security impact (Misinformed) for its affected industrial networking products, including the RUGGEDCOM RST2428P and SCALANCE X-family switches running SINEC OS. The vulnerability was originally published on August 12, 2025, with subsequent advisory updates through February 25, 2026, to refine affected product listings and incorporate corrections from Siemens ProductCERT.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations operating Siemens industrial networking equipment (RUGGEDCOM RST2428P, SCALANCE X-family switches) with Wi-Fi mesh capabilities; security teams monitoring Linux kernel wireless subsystem vulnerabilities; OT/ICS security practitioners tracking third-party component advisories for embedded industrial systems.
Technical summary
The vulnerability exists in the Linux kernel's mac80211 subsystem, specifically in the path resolution mechanism of the mesh networking implementation's Hybrid Wireless Mesh Protocol (HWMP). The mesh_preq_queue structure is used to queue path discovery requests when resolving mesh paths. These objects are added to a linked list in ieee80211_if_mesh, but they are not cleaned up when the associated mesh path (mpath) is deleted. The trigger condition, removal of a mesh interface, leaves orphaned queue entries, causing unbounded memory consumption over time. Siemens has determined this vulnerability presents no security impact for its affected industrial networking products, which use the Linux kernel as part of SINEC OS.
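The missing cleanup described above, as an added userspace C model that is not code from the kernel, from Siemens or from the advisory. The struct and function names are hypothetical stand-ins for mesh_preq_queue and ieee80211_if_mesh, and the 6-byte destination key and the sample address are assumptions of the model.

```c
#include <stdlib.h>
#include <string.h>
/* Userspace model only; struct and function names are hypothetical. */
struct preq_entry {                 /* stands in for mesh_preq_queue */
    unsigned char dst[6];           /* destination awaiting path resolution */
    struct preq_entry *next;
};
struct mesh_if {                    /* stands in for ieee80211_if_mesh */
    struct preq_entry *preq_head;
    int preq_len;
};

/* Queue a path discovery request for dst; returns 0 on success. */
static int queue_preq(struct mesh_if *ifm, const unsigned char *dst)
{
    struct preq_entry *e = malloc(sizeof(*e));
    if (!e) return -1;
    memcpy(e->dst, dst, sizeof(e->dst));
    e->next = ifm->preq_head;
    ifm->preq_head = e;
    ifm->preq_len++;
    return 0;
}

/* Cleanup to run when the path to dst is deleted: unlink and free every
 * queued entry for dst. Returns the number of entries released. */
static int flush_preq_for(struct mesh_if *ifm, const unsigned char *dst)
{
    int freed = 0;
    for (struct preq_entry **pp = &ifm->preq_head; *pp; ) {
        struct preq_entry *e = *pp;
        if (memcmp(e->dst, dst, sizeof(e->dst)) == 0) {
            *pp = e->next;          /* unlink before freeing */
            free(e);
            ifm->preq_len--;
            freed++;
        } else {
            pp = &e->next;
        }
    }
    return freed;
}

int main(void)
{
    struct mesh_if ifm = {0};
    const unsigned char a[6] = {2, 0, 0, 0, 0, 1};   /* constructed address */
    queue_preq(&ifm, a);
    return flush_preq_for(&ifm, a) == 1 && ifm.preq_len == 0 ? 0 : 1;
}
```

If the delete path never calls the flush routine, every queued entry for a removed path stays allocated and linked, which is the leak pattern the summary describes.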
Defensive priority
low
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for current product impact assessment
- Verify SINEC OS version and mesh networking configuration on affected Siemens industrial switches
- Monitor CISA ICS advisories for any future impact reassessment
- Apply standard memory management monitoring for systems utilizing Wi-Fi mesh networking
- Follow CISA ICS recommended practices for defense-in-depth strategies
Evidence notes
The vulnerability description is sourced from CISA CSAF advisory ICSA-25-226-07, which references Siemens ProductCERT advisory SSA-355557. Siemens has classified the impact as Misinformed for affected products, indicating no security relevance. The CVE was originally published August 12, 2025, and the advisory was last modified February 25, 2026. No CVSS score is available in the source corpus.
Official resources
- CVE-2024-40942 CVE record (CVE.org)
- CVE-2024-40942 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2025-08-12