PatchSiren cyber security CVE debrief
CVE-2024-40947 Siemens CVE debrief
CVE-2024-40947 is a MEDIUM severity vulnerability (CVSS 5.5) in the Linux kernel's Integrity Measurement Architecture (IMA). The issue involves a blocking operation occurring within an RCU (Read-Copy-Update) read-side critical section in the `ima_match_policy` function, which can lead to a kernel panic. This vulnerability affects Siemens industrial networking products running SINEC OS, specifically the RUGGEDCOM RST2428P and SCALANCE X-family switches. The vulnerability was disclosed in CISA advisory ICSA-25-226-07 on August 12, 2025, with subsequent updates through February 25, 2026, clarifying affected product configurations. The root cause is improper handling of RCU synchronization primitives in the IMA policy matching code path.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P switches or SCALANCE X-family (XC-300/XR-300/XC-400/XR-500WG/XR-500, XCM-/XRM-/XCH-/XRH-300) industrial Ethernet switches in critical infrastructure environments, particularly those relying on IMA for integrity measurement and attestation workflows.
Technical summary
The vulnerability exists in the Linux kernel's Integrity Measurement Architecture (IMA) subsystem. Specifically, the `ima_match_policy` function performs a blocking operation while holding an RCU read lock, violating RCU semantics. RCU read-side critical sections must be non-blocking to prevent system instability. When blocking occurs, it can lead to a kernel panic due to RCU stall detection or memory corruption. This affects Siemens industrial networking equipment running SINEC OS that incorporates the vulnerable kernel code. The CVSS 5.5 score reflects availability impact with medium severity.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for detailed product-specific patch availability and deployment guidance
- Verify IMA (Integrity Measurement Architecture) configuration on affected Siemens devices running SINEC OS
- Monitor kernel panic logs on affected RUGGEDCOM RST2428P and SCALANCE X-family devices for indicators of this vulnerability
- Apply vendor-provided firmware updates when available per organizational change management procedures
- Consider disabling IMA if not required for operational security policies as a temporary risk reduction measure
- Implement network segmentation for affected industrial control devices to limit exposure
Evidence notes
The vulnerability description indicates a kernel panic condition in `ima_match_policy` due to blocking within an RCU read-side critical section. The CISA advisory (ICSA-25-226-07) was initially published on 2025-08-12 and subsequently modified on 2026-02-25 to clarify affected product configurations for the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family. Siemens ProductCERT advisory SSA-355557 provides the primary vendor guidance. The threat assessment in the source material categorizes impact as 'Misinformed' for affected product IDs CSAFPID-0006, CSAFPID-0002, and CSAFPID-0003.
Official resources
-
CVE-2024-40947 CVE record
CVE.org
-
CVE-2024-40947 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12