PatchSiren cyber security CVE debrief
CVE-2024-40978 Siemens CVE debrief
CVE-2024-40978 describes a crash condition in the Linux kernel's qedi SCSI driver. The vulnerability exists in the qedi_dbg_do_not_recover_cmd_read() function, which incorrectly invokes sprintf() directly on a __user pointer. This improper memory access can trigger a kernel crash when reading the associated debugfs attribute. The issue was published on 2025-08-12 and last modified on 2026-02-25. Siemens has identified this CVE as affecting certain industrial networking products that incorporate the vulnerable Linux kernel component, specifically within their SINEC OS environment. The CISA advisory ICSA-25-226-07, republished on 2026-02-25, tracks this vulnerability alongside other third-party components in Siemens products. Notably, the threat assessment for this CVE is categorized as 'Misinformed' in the source advisory, indicating potential discrepancies in initial impact assessment. No CVSS score or severity rating is currently available in the source data. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, and no known ransomware campaign use has been documented.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 6.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations operating Siemens industrial networking equipment including RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices running SINEC OS. System administrators responsible for Linux kernel security in industrial environments. Security teams monitoring third-party component vulnerabilities in OT/ICS infrastructure.
Technical summary
The vulnerability resides in the qedi_dbg_do_not_recover_cmd_read() function within the Linux kernel's qedi SCSI driver. The function incorrectly passes a __user pointer directly to sprintf(), violating kernel memory access rules. When a user reads the corresponding debugfs attribute, this improper pointer dereference triggers a kernel crash. The qedi driver supports QLogic FastLinQ QL4xxxx iSCSI adapters. The crash occurs in the debugfs read path, making this a local denial-of-service condition requiring privileged access to the debugfs filesystem.
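As an added example (not the kernel's or Siemens' code), this userspace C model shows the read-handler shape that avoids the flaw described above: format into a local buffer with a size limit, then do a bounded, offset-aware copy to the caller, which is the job copy_to_user() or simple_read_from_buffer() does in the kernel. The names model_read_from_buffer, attr_read and do_not_recover, and the attribute text, are assumptions made for illustration.

```c
/* Added example: userspace model of a debugfs-style read handler.
 * memcpy() stands in for the kernel's copy_to_user(). */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical stand-in for the driver flag the attribute reports. */
static int do_not_recover = 1;

/* Bounded, offset-aware copy: copies at most `count` bytes of from[0..avail)
 * starting at *ppos, advances *ppos, and returns the number of bytes copied
 * (0 at end of data, -1 on a negative offset). */
static ssize_t model_read_from_buffer(char *to, size_t count, long *ppos,
                                      const char *from, size_t avail)
{
    size_t n;
    if (*ppos < 0)
        return -1;
    if ((size_t)*ppos >= avail || count == 0)
        return 0;
    n = avail - (size_t)*ppos;
    if (n > count)
        n = count;
    memcpy(to, from + *ppos, n); /* kernel: copy_to_user(), which can fail */
    *ppos += (long)n;
    return (ssize_t)n;
}

/* Safe shape: the text is built in a handler-owned buffer, never formatted
 * straight into the caller-supplied pointer, and the caller receives no more
 * than it asked for. */
static ssize_t attr_read(char *user_buf, size_t count, long *ppos)
{
    char kbuf[64];
    int len = snprintf(kbuf, sizeof(kbuf), "do_not_recover=%d\n", do_not_recover);
    if (len < 0)
        return -1;
    if ((size_t)len >= sizeof(kbuf))
        len = (int)sizeof(kbuf) - 1; /* snprintf truncated the output */
    return model_read_from_buffer(user_buf, count, ppos, kbuf, (size_t)len);
}

int main(void)
{
    char out[8]; /* deliberately small, so the read takes several calls */
    long pos = 0;
    ssize_t n;
    while ((n = attr_read(out, sizeof(out), &pos)) > 0)
        fwrite(out, 1, (size_t)n, stdout);
    return n < 0;
}
```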
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for detailed product-specific impact and patch information
- Verify kernel version on affected Siemens devices running SINEC OS and identify if qedi driver is present
- Apply vendor-provided firmware updates when available per Siemens security advisory guidance
- Monitor CISA ICS advisories for updates to ICSA-25-226-07
- Implement network segmentation for industrial control systems per CISA recommended practices
- Restrict administrative access to debugfs interfaces on affected systems where possible
Evidence notes
The vulnerability description is sourced from CISA CSAF advisory ICSA-25-226-07, which references Siemens ProductCERT advisory SSA-355557. The threat category 'Misinformed' appears in the source advisory's threats section for products CSAFPID-0006, CSAFPID-0002, and CSAFPID-0003. The CVE was initially published on 2025-08-12 and underwent multiple revisions, with the most recent CISA republication on 2026-02-25 based on updated Siemens advisory information.
Official resources
- CVE-2024-40978 CVE record (CVE.org)
- CVE-2024-40978 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2025-08-12