PatchSiren cyber security CVE debrief
CVE-2024-40971 Siemens CVE debrief
A race condition in the Linux kernel's F2FS filesystem during remount operations can cause files created or opened during a brief window to bypass inline encryption, potentially leading to data corruption when wrappedkey_v0 is enabled. The vulnerability stems from the SB_INLINECRYPT flag being temporarily cleared and re-set in f2fs_remount. Siemens has assessed this vulnerability as not affecting their listed industrial networking products, marking it as 'Misinformed' in their security advisory.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations running Siemens industrial networking equipment (RUGGEDCOM RST2428P, SCALANCE XC/XR/XCM/XRM/XCH/XRH families) should verify their systems are not affected. Linux system administrators using F2FS with inline encryption enabled should monitor kernel security updates for the underlying vulnerability.
Technical summary
CVE-2024-40971 describes a race condition in the Linux kernel's F2FS (Flash-Friendly File System) where the SB_INLINECRYPT flag is cleared and re-set during f2fs_remount operations. If files are created or opened during this gap, they will not use inline encryption. In worst-case scenarios with wrappedkey_v0 enabled, this may lead to data corruption. Siemens has assessed this vulnerability as not affecting their listed industrial networking products (RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family), categorizing it as 'Misinformed' in their security advisory.
Defensive priority
low
Recommended defensive actions
- Verify that the Siemens industrial networking products listed in the advisory (RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family) are running current firmware versions, as no patch
- Follow CISA ICS recommended practices for defense-in-depth strategies for industrial control systems
- Monitor Siemens ProductCERT advisories for any future reassessment of this vulnerability
Evidence notes
The source advisory (ICSA-25-226-07) explicitly marks CVE-2024-40971 as 'Misinformed' for all listed Siemens products, indicating the vulnerability does not affect these systems. The underlying Linux kernel issue involves a race condition in F2FS remount operations where the SB_INLINECRYPT flag is cleared and re-set, creating a window where files may be created without inline encryption.
Official resources
- CVE-2024-40971 CVE record (CVE.org)
- CVE-2024-40971 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2025-08-12