PatchSiren cyber security CVE debrief
CVE-2024-41007 Siemens CVE debrief
CVE-2024-41007 is a LOW-severity vulnerability (CVSS 3.3) in the Linux kernel's TCP implementation. The issue occurs when a TCP socket uses TCP_USER_TIMEOUT, potentially causing excessive retransmit packets. The vulnerability was published on 2025-08-12 and last modified on 2026-02-25. Siemens has identified this CVE as affecting their RUGGEDCOM RST2428P (6GK6242-6PA00) and other industrial networking products, though the CISA advisory marks the impact assessment as 'Misinformed' for the listed product IDs. The vulnerability originates from the upstream Linux kernel and has been addressed through standard kernel maintenance processes. Organizations running affected Siemens industrial control systems should consult the vendor's security advisory for specific patch availability and deployment guidance.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: LOW 3.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P and related SCALANCE industrial networking equipment; industrial control system operators relying on TCP-based communications with TCP_USER_TIMEOUT configurations; security teams managing OT/ICS infrastructure with Linux-based embedded systems.
Technical summary
This vulnerability exists in the Linux kernel's TCP stack when the TCP_USER_TIMEOUT socket option is set. The flaw could lead to excessive packet retransmissions under certain network conditions. The issue is classified as LOW severity with a CVSS score of 3.3. Siemens industrial networking products incorporating affected kernel versions are impacted, though the CISA advisory notes some uncertainty in the impact assessment ('Misinformed' classification). Remediation requires kernel updates or firmware patches from the equipment vendor.
Defensive priority
routine
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for affected product confirmation and patch status
- Monitor vendor security notifications for firmware updates addressing this kernel-level TCP vulnerability
- Apply defense-in-depth practices for industrial control systems per CISA guidance
- Verify TCP_USER_TIMEOUT configurations on affected systems if accessible
- Coordinate with Siemens support for specific product remediation timelines
Evidence notes
CVE published 2025-08-12; modified 2026-02-25. Siemens ProductCERT SSA-355557 identifies affected products including RUGGEDCOM RST2428P. CISA advisory ICSA-25-226-07 marks impact as 'Misinformed' for product IDs CSAFPID-0006, CSAFPID-0002, CSAFPID-0003. Source indicates this is a Linux kernel TCP implementation issue related to TCP_USER_TIMEOUT handling.
Official resources
- CVE-2024-41007 CVE record (CVE.org)
- CVE-2024-41007 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2025-08-12