PatchSiren cyber security CVE debrief
CVE-2024-40980 Siemens CVE debrief
CVE-2024-40980 is a MEDIUM severity vulnerability (CVSS 5.9) affecting the Linux kernel's drop_monitor component. The issue stems from trace_drop_common() being called with preemption disabled while acquiring a spin_lock, which causes problems on Real-Time (RT) kernels where spin_locks become sleeping locks. This configuration can trigger kernel warnings (splat) and potential system instability. The vulnerability was published on August 12, 2025, and last modified on February 25, 2026. Siemens has identified this as affecting their RUGGEDCOM RST2428P (6GK6242-6PA00) and other industrial networking products running SINEC OS, as documented in CISA advisory ICSA-25-226-07. The vulnerability originates from third-party Linux kernel components used in Siemens industrial control systems. Organizations running affected Siemens industrial networking equipment with RT kernel configurations should monitor for vendor security advisories and apply patches when available. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, and no known ransomware campaign use has been reported.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 5.9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2026-05-14
- Advisory published
- 2024-04-09
- Advisory updated
- 2026-05-14
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P switches, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, or SCALANCE XCM-/XRM-/XCH-/XRH-300 family industrial Ethernet switches in critical infrastructure environments, particularly those with real-time kernel requirements for deterministic network performance.
Technical summary
The vulnerability exists in the Linux kernel's drop_monitor subsystem where trace_drop_common() acquires a spin_lock while preemption is disabled. On Real-Time (RT) kernels, spin_locks are converted to sleeping locks, which violates the preemption-disabled context and causes kernel warnings or instability. The fix involves replacing spin_lock with raw_spin_lock to maintain correct locking behavior in RT kernel configurations. This affects Siemens industrial networking products that utilize Linux-based SINEC OS with RT kernel patches.
Defensive priority
medium
Recommended defensive actions
- Monitor Siemens ProductCERT security advisories for patch availability for affected RUGGEDCOM and SCALANCE products
- Review kernel configurations on affected industrial control systems to identify RT kernel deployments
- Apply vendor-provided firmware updates when released, prioritizing critical infrastructure systems
- Implement network segmentation for industrial control systems to limit exposure of affected devices
- Follow CISA ICS recommended practices for defense-in-depth strategies for industrial control systems
Evidence notes
Vulnerability description sourced from CISA CSAF advisory ICSA-25-226-07, which references Siemens ProductCERT advisory SSA-355557. The issue is specifically documented as affecting RT kernel configurations where spin_lock behavior changes to sleeping locks. Siemens revision history shows multiple updates through February 2026, including corrections to affected product lists and clarification of impacted SCALANCE family configurations.
Official resources
-
CVE-2024-40980 CVE record
CVE.org
-
CVE-2024-40980 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12