PatchSiren cyber security CVE debrief
CVE-2024-41006 Siemens CVE debrief
CVE-2024-41006 is a memory leak vulnerability in the Linux kernel's NET/ROM amateur packet radio protocol implementation, specifically within the `nr_heartbeat_expiry()` function. The vulnerability was published on August 12, 2025, and last modified on February 25, 2026. Siemens ProductCERT issued advisory SSA-355557 addressing third-party components in SINEC OS, which includes this kernel-level issue. CISA republished this advisory as ICSA-25-226-07 on the same publication date. The vulnerability has a CVSS score of 4.4 (MEDIUM severity) and is classified under CWE-404 (Improper Resource Shutdown or Release). According to the source advisory, the impact assessment for affected Siemens products is marked as 'Misinformed,' indicating potential documentation or categorization issues in initial disclosures. The advisory underwent multiple revisions, with significant updates in February 2026 including corrections to affected product lists and removal of rejected CVEs. No known exploitation in the wild or ransomware campaign use has been reported.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 4.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2026-05-14
- Advisory published
- 2024-04-09
- Advisory updated
- 2026-05-14
Who should care
Organizations operating Siemens industrial networking equipment including RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices. System administrators managing SINEC OS deployments and security teams responsible for industrial control system infrastructure should prioritize review of vendor guidance.
Technical summary
The vulnerability exists in the `nr_heartbeat_expiry()` function within the Linux kernel's NET/ROM (Network Radio Amateur) protocol implementation. This amateur packet radio networking protocol fails to properly release memory resources during heartbeat timeout processing, leading to a memory leak condition. The issue affects Siemens products running SINEC OS that incorporate vulnerable Linux kernel versions. The CVSS 4.4 MEDIUM score reflects limited exploitability requiring local access or specific network conditions. The 'Misinformed' impact classification in the source advisory suggests initial uncertainty or documentation issues regarding actual affected status, which was subsequently clarified in February 2026 revisions.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for complete affected product and patch information
- Verify kernel version in use against vendor-provided fixed versions for SINEC OS and related products
- Monitor CISA ICS advisories for updates to ICSA-25-226-07
- Apply vendor-supplied firmware or software updates when available
- Implement network segmentation for affected industrial control systems per CISA recommended practices
- Disable NET/ROM protocol if not required for operational functionality
Evidence notes
Source advisory ICSA-25-226-07 from CISA CSAF repository, republished from Siemens ProductCERT SSA-355557. Impact marked as 'Misinformed' in threat data. Multiple revision history entries confirm advisory evolution. No KEV listing present.
Official resources
-
CVE-2024-41006 CVE record
CVE.org
-
CVE-2024-41006 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12