PatchSiren cyber security CVE debrief
CVE-2024-40981 Siemens CVE debrief
CVE-2024-40981 is a denial-of-service vulnerability in the Linux kernel's batman-adv (Better Approach To Mobile Ad-hoc Networking Advanced) mesh networking module, specifically in the `batadv_purge_orig_ref()` function, which periodically purges stale originator entries from the originator hash table. The purge loop locked and walked every hash bucket, including empty ones, which could keep a CPU in the loop long enough to trip the kernel's soft-lockup watchdog; the upstream fix bypasses empty buckets before taking the bucket lock. The record tracked here was published on 2025-08-12 and last modified on 2026-02-25; these are the dates of the Siemens/CISA advisory stream in stored evidence, whereas the CVE identifier itself was assigned for the upstream Linux kernel fix in 2024. Siemens has identified this CVE as affecting certain industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE X-family switches. The CISA CSAF data, however, marks the impact assessment as 'Misinformed', indicating that the initial severity or scope evaluation may be inaccurate. No CVSS score or severity rating is available in stored evidence. Treat Siemens ProductCERT advisory SSA-355557 as the definitive source for affected products and remediation guidance.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, or SCALANCE XCM-/XRM-/XCH-/XRH-300 family switches, in particular where those devices run SINEC OS with batman-adv enabled for mesh networking, wireless backhaul, or ad-hoc resilience in critical infrastructure environments. The vulnerable code only runs where the batman-adv module is present in the firmware and a mesh interface is active, so confirm exposure against the Siemens advisory rather than assuming every listed model is affected in every configuration.
Technical summary
The vulnerability lies in `batadv_purge_orig_ref()`, the batman-adv routine that periodically walks the originator hash table and drops entries that have not been seen within the purge timeout. Before the fix, the loop acquired each bucket's lock and walked the bucket even when it was empty, so every purge pass cost a full traversal of the table regardless of how many originators it held; under the conditions reported upstream, a CPU could stay in this loop long enough without rescheduling to trip the kernel's soft-lockup watchdog. The upstream fix bypasses empty buckets before taking the lock. The impact is denial of service on the affected CPU (a stall and, where the watchdog is configured to panic on soft lockup, a crash), not memory corruption or code execution. For Siemens this matters on SINEC OS-based switches where the batman-adv module is built in and mesh networking is enabled.
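The following C program is an added, constructed model of the loop shape described above; it is not the kernel's code nor anything from Siemens or the page. It assumes a 1024-bucket table, a per-bucket lock counted instead of taken, and constructed timestamps that make every inserted originator stale. It runs one purge pass with the pre-fix shape (lock every bucket) and one with the post-fix shape (bypass empty buckets) over a sparse table, and reports how many bucket locks each pass acquired for the same purge result.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption for this model: a fixed 1024-bucket originator hash. */
#define HASH_SIZE 1024

struct orig_node {
    unsigned long last_seen;
    struct orig_node *next;
};

struct orig_hash {
    struct orig_node *table[HASH_SIZE]; /* bucket heads, NULL when empty */
    unsigned long locks_taken;          /* stands in for per-bucket lock acquisitions */
};

struct purge_stats {
    unsigned long locks;  /* bucket locks acquired during one purge pass */
    unsigned removed;     /* originators purged */
};

static void bucket_lock(struct orig_hash *h)   { h->locks_taken++; }
static void bucket_unlock(struct orig_hash *h) { (void)h; }

/* Drop every node in a bucket whose last_seen is older than timeout. */
static unsigned purge_bucket(struct orig_node **head, unsigned long now,
                             unsigned long timeout)
{
    unsigned removed = 0;
    struct orig_node **pp = head;

    while (*pp) {
        struct orig_node *n = *pp;
        if (now - n->last_seen > timeout) {
            *pp = n->next;
            free(n);
            removed++;
        } else {
            pp = &n->next;
        }
    }
    return removed;
}

/* Pre-fix shape: every bucket is locked and walked, empty or not, so a
 * purge pass always costs HASH_SIZE lock acquisitions. */
static unsigned purge_orig_vulnerable(struct orig_hash *h, unsigned long now,
                                      unsigned long timeout)
{
    unsigned removed = 0;
    for (size_t i = 0; i < HASH_SIZE; i++) {
        bucket_lock(h);
        removed += purge_bucket(&h->table[i], now, timeout);
        bucket_unlock(h);
    }
    return removed;
}

/* Post-fix shape: bypass empty buckets before touching their lock. */
static unsigned purge_orig_fixed(struct orig_hash *h, unsigned long now,
                                 unsigned long timeout)
{
    unsigned removed = 0;
    for (size_t i = 0; i < HASH_SIZE; i++) {
        if (h->table[i] == NULL)
            continue;               /* the bypass the upstream fix adds */
        bucket_lock(h);
        removed += purge_bucket(&h->table[i], now, timeout);
        bucket_unlock(h);
    }
    return removed;
}

/* Build a table holding n_nodes stale originators in distinct buckets, run
 * one purge pass with the chosen loop shape, and report locks and removals.
 * now=100 and timeout=50 are constructed values; last_seen=0 makes every
 * node stale, so both shapes must purge the same number of entries. */
struct purge_stats run_purge(bool fixed, unsigned n_nodes)
{
    struct purge_stats s = {0, 0};
    struct orig_hash *h = calloc(1, sizeof(*h));
    if (!h)
        return s;
    for (unsigned i = 0; i < n_nodes && i < HASH_SIZE; i++) {
        struct orig_node *node = calloc(1, sizeof(*node));
        if (!node)
            break;
        node->last_seen = 0;
        node->next = h->table[i];
        h->table[i] = node;
    }
    s.removed = fixed ? purge_orig_fixed(h, 100, 50)
                      : purge_orig_vulnerable(h, 100, 50);
    s.locks = h->locks_taken;
    free(h);
    return s;
}

int main(void)
{
    struct purge_stats v = run_purge(false, 3);
    struct purge_stats f = run_purge(true, 3);
    printf("vulnerable: %lu locks, %u removed\n", v.locks, v.removed);
    printf("fixed:      %lu locks, %u removed\n", f.locks, f.removed);
    return 0;
}
```

With three originators in the table, the pre-fix pass takes 1024 locks and the post-fix pass takes 3, for an identical purge result; the model shows only the per-pass cost, not the scheduling and lock-contention behaviour that turns that cost into a soft lockup on a real kernel.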
Defensive priority
medium
Recommended defensive actions
- Monitor Siemens ProductCERT advisory SSA-355557 for confirmed affected product lists and patch availability
- Review CISA ICS advisory ICSA-25-226-07 for the updated impact assessment
- Inventory SCALANCE and RUGGEDCOM devices for SINEC OS versions that ship and enable the batman-adv module; devices without an active mesh interface do not reach the vulnerable purge path
- Apply defense-in-depth controls per CISA ICS recommended practices pending vendor patches, including restricting which hosts can reach the mesh segment
- Subscribe to Siemens ProductCERT security advisories for SINEC OS updates
- On general-purpose Linux hosts running batman-adv, apply a kernel that contains the upstream fix; the kernel CNA record for CVE-2024-40981 lists the fixing commits and affected version ranges
Evidence notes
The vulnerability description points to a kernel-level issue in batman-adv's originator purging logic. The 'Misinformed' impact classification in the CISA CSAF data suggests the initial assessment may require correction. Siemens' SSA-355557 advisory is the authoritative source for affected product determination. The February 2026 revisions to the CISA advisory included significant corrections to the affected product lists and the removal of multiple rejected CVEs, so the scope of this record is still being refined and should be re-checked against the current advisory before any remediation decision.
Official resources
- CVE-2024-40981 CVE record (CVE.org)
- CVE-2024-40981 NVD detail (NVD)
- Source item: cisa_csaf
2025-08-12