PatchSiren cyber security CVE debrief
CVE-2024-40958 Siemens CVE debrief
A use-after-free vulnerability in the Linux kernel's network namespace (netns) subsystem, specifically in the get_net_ns() function, affects Siemens industrial networking products. The vulnerability stems from improper handling of zero refcount network namespace objects, which can lead to memory corruption when refcount_t operations are performed on freed memory. Siemens has assessed this vulnerability as 'Misinformed' for affected products, indicating the reported impact does not apply to their specific implementations. The vulnerability was originally identified through Syzkaller kernel fuzzing, which detected a refcount_t warning condition. While the underlying Linux kernel vulnerability exists, Siemens products incorporate this third-party component in configurations that do not expose the vulnerable code path. Organizations should verify their specific product configurations and apply vendor-provided updates when available.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations operating Siemens industrial Ethernet switches and routers, particularly in critical infrastructure and manufacturing environments. Security teams responsible for OT/ICS asset management and vulnerability assessment programs. Linux kernel maintainers and distributors packaging netns functionality for embedded industrial systems.
Technical summary
The vulnerability exists in the Linux kernel's network namespace implementation where get_net_ns() fails to properly validate zero refcount conditions on network namespace objects. When refcount_t addition operations occur on already-freed net namespace structures, use-after-free conditions can manifest. The Syzkaller kernel fuzzer identified this through "refcount_t: addition on 0" warnings. Siemens products including SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family, and RUGGEDCOM RST2428P incorporate this kernel component but are assessed as not vulnerable to the reported impact based on their specific configurations and usage patterns.
Defensive priority
routine
Recommended defensive actions
- Verify specific product model and firmware version against Siemens ProductCERT advisory SSA-355557 to confirm vulnerability applicability
- Review network namespace isolation configurations in deployed Siemens industrial networking equipment
- Monitor Siemens ProductCERT security advisories for future updates to impact assessment or remediation guidance
- Apply defense-in-depth practices for industrial control systems per CISA recommended practices
- If running custom Linux kernel builds with netns functionality, ensure proper refcount handling in get_net_ns() code path
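The zero-refcount condition from the technical summary, modeled in user space as an added example (not kernel code, and not taken from the Siemens or CISA advisories). C11 atomics stand in for the kernel's refcount_t, and the names ns_obj, ns_get_unconditional, ns_get_unless_zero, ns_put and ns_lookup are hypothetical.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical user-space stand-in for a refcounted namespace object. */
struct ns_obj {
    atomic_uint refs; /* 0 = last reference dropped, release in progress */
};

/* Unsafe: unconditional increment. On a count of 0 this revives an object
 * already being released. Returns the count observed before the add. */
static unsigned ns_get_unconditional(struct ns_obj *o)
{
    return atomic_fetch_add(&o->refs, 1);
}

/* Safe: take a reference only while the count is still non-zero. */
static bool ns_get_unless_zero(struct ns_obj *o)
{
    unsigned old = atomic_load(&o->refs);
    while (old != 0) {
        /* On failure the CAS reloads `old`, so a concurrent drop to 0 is seen. */
        if (atomic_compare_exchange_weak(&o->refs, &old, old + 1))
            return true;
    }
    return false;
}

/* Drop one reference; true means the caller released the last one. */
static bool ns_put(struct ns_obj *o)
{
    return atomic_fetch_sub(&o->refs, 1) == 1;
}

/* Lookup that fails rather than returning an object with zero references. */
static struct ns_obj *ns_lookup(struct ns_obj *o)
{
    return ns_get_unless_zero(o) ? o : NULL;
}

int main(void)
{
    struct ns_obj o;
    atomic_init(&o.refs, 1);  /* constructed sample state: one holder */
    ns_put(&o);               /* last reference dropped */
    printf("safe lookup: %s\n", ns_lookup(&o) ? "got ref" : "refused");
    printf("unsafe get saw count %u\n", ns_get_unconditional(&o));
    return 0;
}
```

When reviewing a custom kernel build, the equivalent check is that the lookup path can fail on a dying object instead of incrementing its count unconditionally.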
Evidence notes
CVE published 2025-08-12 per CISA CSAF advisory ICSA-25-226-07. Siemens ProductCERT advisory SSA-355557 provides product-specific impact assessment. Threat categorization explicitly marked as 'Misinformed' for affected product IDs CSAFPID-0006, CSAFPID-0002, and CSAFPID-0003. Advisory revision history shows multiple updates through 2026-02-25 clarifying affected product configurations and removing rejected CVEs.
Official resources
- CVE-2024-40958 CVE record (CVE.org)
- CVE-2024-40958 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2025-08-12