PatchSiren cyber security CVE debrief
CVE-2024-40961 Siemens CVE debrief
CVE-2024-40961 is a NULL pointer dereference vulnerability in the Linux kernel's IPv6 networking subsystem, specifically within the fib6_nh_init() function. The issue arises because in6_dev_get() can return NULL, which was not being checked before dereference. This vulnerability was identified through syzbot automated fuzzing. The vulnerability has a CVSS score of 5.5 (MEDIUM severity). According to the CISA CSAF advisory ICSA-25-226-07, Siemens initially listed this CVE as affecting certain industrial networking products including the RUGGEDCOM RST2428P and SCALANCE families running SINEC OS. However, subsequent advisory revisions indicate this CVE was misattributed to these products—the threat assessment was updated to 'Misinformed' and affected product entries were moved to 'Known Not Affected Products' in the February 2026 revision. The CVE was originally published on August 12, 2025, with the advisory last modified on February 25, 2026. Organizations should verify their specific product configurations against the latest Siemens ProductCERT advisory for accurate affected status.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2026-05-14
- Advisory published
- 2024-04-09
- Advisory updated
- 2026-05-14
Who should care
Linux system administrators managing IPv6-enabled systems; industrial control system operators using Siemens networking equipment; security teams tracking kernel vulnerabilities; organizations implementing defense-in-depth for OT networks
Technical summary
The vulnerability exists in the Linux kernel's IPv6 routing subsystem where fib6_nh_init() calls in6_dev_get() without checking for a NULL return value. This can lead to a NULL pointer dereference when processing IPv6 network device initialization. The issue was discovered through syzbot kernel fuzzing. While initially reported as affecting Siemens industrial networking products running SINEC OS, subsequent advisory revisions corrected this attribution. The underlying kernel vulnerability remains relevant for Linux systems with IPv6 enabled.
Defensive priority
medium
Recommended defensive actions
- Verify product affected status using latest Siemens ProductCERT SSA-355557 advisory
- Apply kernel updates from Linux distribution vendor if running affected kernel versions
- Monitor CISA ICS advisories for any future corrections
- Review IPv6 networking configurations for defense in depth
- Implement network segmentation for industrial control systems per CISA recommended practices
Evidence notes
CVE description indicates NULL dereference in fib6_nh_init() due to unchecked in6_dev_get() return value. CISA CSAF advisory ICSA-25-226-07 initially listed affected products but February 2026 revision reclassified threat as 'Misinformed' and moved products to 'Known Not Affected'. Source references include Siemens ProductCERT SSA-355557 and CISA ICS advisory.
Official resources
-
CVE-2024-40961 CVE record
CVE.org
-
CVE-2024-40961 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12