PatchSiren cyber security CVE debrief
CVE-2024-41005 Siemens CVE debrief
CVE-2024-41005 is a race condition vulnerability in the Linux kernel's netpoll subsystem, specifically in the netpoll_owner_active function. The vulnerability was detected by the Kernel Concurrency Sanitizer (KCSAN), which identified a race condition in netpoll. This flaw could potentially lead to undefined behavior or system instability when netpoll is active. The vulnerability has been assigned a CVSS score of 4.9 (MEDIUM severity). Siemens has identified this CVE as affecting certain industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices. However, the CISA advisory marks the impact assessment as 'Misinformed' for the affected products, suggesting potential clarification or correction may be needed regarding actual impact. The advisory has undergone multiple revisions, with the most recent update on February 25, 2026, based on Siemens ProductCERT SSA-355557 advisory. Organizations should consult the official Siemens security advisory for definitive product impact and patch availability.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 4.9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2026-05-14
- Advisory published
- 2024-04-09
- Advisory updated
- 2026-05-14
Who should care
Organizations operating Siemens industrial networking infrastructure including RUGGEDCOM RST2428P switches and SCALANCE XC/XR series devices. OT security teams managing SINEC OS deployments should prioritize verification of actual impact given the 'Misinformed' designation in source materials.
Technical summary
A race condition exists in the netpoll_owner_active function within the Linux kernel's netpoll subsystem. The Kernel Concurrency Sanitizer (KCSAN) detected this concurrency defect, which could manifest when netpoll is active. Race conditions in kernel networking code can lead to use-after-free, null pointer dereference, or other memory corruption issues. The vulnerability is present in Siemens industrial networking products utilizing affected kernel versions in SINEC OS.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for definitive product impact assessment and patch availability
- Verify SINEC OS version on affected Siemens industrial networking equipment
- Apply kernel updates or vendor-provided patches when available per Siemens guidance
- Monitor CISA ICS advisories for updates to ICSA-25-226-07
- Implement network segmentation for industrial control systems per CISA recommended practices
- Assess actual exposure given 'Misinformed' impact designation in source advisory
Evidence notes
CVE published 2025-08-12; modified 2026-02-25. Source CISA CSAF advisory ICSA-25-226-07. Impact marked as 'Misinformed' per source threats data. Multiple advisory revisions tracked, with final republication based on Siemens SSA-355557.
Official resources
-
CVE-2024-41005 CVE record
CVE.org
-
CVE-2024-41005 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12