PatchSiren cyber security CVE debrief

CVE-2024-41009 Siemens CVE debrief

CVE-2024-41009 is a MEDIUM severity vulnerability (CVSS 5.5) in the Linux kernel's BPF (Berkeley Packet Filter) subsystem, specifically in the ring buffer (ringbuf) implementation used to pass records from BPF programs to user space. The flaw, classified as CWE-770 (Allocation of Resources Without Limits or Throttling), allows reservations in the ringbuf to be overrun, which can exhaust the buffer and produce a denial-of-service condition. The record here dates the CVE's publication to 2025-08-12 (last modified 2026-02-25), the same dates as the tracked advisory; the identifier itself belongs to the 2024 CVE series. Siemens lists the CVE against several industrial networking products, including the RUGGEDCOM RST2428P and the SCALANCE families named below, but the stored advisory data marks the impact for the tracked product IDs as 'Misinformed', so the practical exposure of each product should be confirmed rather than assumed. Siemens ProductCERT advisory SSA-355557 is the authoritative source for per-product impact assessment and patch availability.

Vendor
Siemens
Product
RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2025-08-12
Original CVE updated
2026-02-25
Advisory published
2025-08-12
Advisory updated
2026-02-25

Who should care

Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, or SCALANCE XCM-/XRM-/XCH-/XRH-300 family industrial networking equipment. OT security teams managing BPF-enabled systems in industrial environments. System administrators responsible for firmware maintenance of Siemens industrial Ethernet switches and routers.

Technical summary

The vulnerability lies in the Linux kernel's BPF ring buffer (ringbuf), a power-of-two sized circular buffer shared between a kernel-side producer (a BPF program calling the ringbuf reserve and commit helpers) and a user-space consumer. Each record is reserved before it is written, and free space is tracked by a producer position and a consumer position; if a reservation is allowed to overrun those bounds, a BPF program can tie up more of the buffer than the accounting permits, starving the consumer and producing a denial-of-service condition. Triggering it requires a loaded BPF program that uses a ringbuf map, so the attack surface is local and, on a hardened system, limited to privileged software. Siemens industrial networking products are affected to the extent that their firmware incorporates a vulnerable kernel version with BPF support enabled; whether that code is reachable on a given device is the question SSA-355557 answers.
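The reservation accounting described above, as an added user-space model written for this debrief (it is not the kernel's code; the `rb_*` names, the 64-byte ring and the record contents are constructed for illustration): a producer position and a consumer position over a power-of-two data area, an 8-byte header whose busy bit marks a pending reservation, and the check that refuses a reservation which would run the producer more than `mask` bytes ahead of the consumer. It shows a reservation being refused rather than overrunning unread data, a record wrapping around the end of the data area, and an uncommitted reservation blocking the consumer, which is the resource-exhaustion mechanism the summary refers to. The actual kernel code and the upstream fix for CVE-2024-41009 should be read from the kernel commit referenced by the CVE, not inferred from this model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative user-space model of BPF ringbuf reservation accounting
 * (added for this debrief; not the kernel's implementation). */
#define RB_HDR_SZ   8u
#define RB_BUSY_BIT (1u << 31)        /* set in hdr.len while a record is reserved */

struct rb_hdr { uint32_t len; uint32_t pad; };

struct rb {
    uint8_t *data;                    /* data area of mask + 1 bytes */
    uint64_t mask;                    /* size - 1, size a power of two */
    uint64_t producer_pos;            /* logical, ever-increasing */
    uint64_t consumer_pos;            /* logical, ever-increasing */
};

static uint64_t round_up8(uint64_t v) { return (v + 7) & ~(uint64_t)7; }

/* "& mask" replaces a modulo on every access, hence the power-of-two size */
bool rb_init(struct rb *rb, uint64_t size)
{
    if (size < RB_HDR_SZ || (size & (size - 1)) != 0)
        return false;
    rb->data = calloc(size, 1);
    rb->mask = size - 1;
    rb->producer_pos = rb->consumer_pos = 0;
    return rb->data != NULL;
}

void rb_free(struct rb *rb) { free(rb->data); rb->data = NULL; }

/* positions are 8-byte aligned and size >= 8, so a header never straddles the end */
static struct rb_hdr *rb_hdr_at(struct rb *rb, uint64_t pos)
{
    return (struct rb_hdr *)(rb->data + (pos & rb->mask));
}

/* Reserve `size` payload bytes: returns the record's logical position, or -1.
 * The producer may run at most `mask` bytes ahead of the consumer; allowing
 * more would overwrite records that have not been read yet. */
int64_t rb_reserve(struct rb *rb, uint64_t size)
{
    uint64_t len = round_up8(size + RB_HDR_SZ);
    if (size >= RB_BUSY_BIT || len > rb->mask + 1)
        return -1;
    uint64_t new_prod = rb->producer_pos + len;
    if (new_prod - rb->consumer_pos > rb->mask)
        return -1;
    struct rb_hdr *hdr = rb_hdr_at(rb, rb->producer_pos);
    hdr->len = (uint32_t)size | RB_BUSY_BIT;
    int64_t pos = (int64_t)rb->producer_pos;
    rb->producer_pos = new_prod;
    return pos;
}

/* Payload bytes past the end of the data area wrap to its start; the kernel
 * gets the same effect by mapping the data pages twice, back to back. */
void rb_write(struct rb *rb, uint64_t pos, const void *src, uint64_t n)
{
    const uint8_t *s = src;
    for (uint64_t i = 0; i < n; i++)
        rb->data[(pos + RB_HDR_SZ + i) & rb->mask] = s[i];
}

/* Publish the record: clearing the busy bit lets the consumer read it. */
void rb_commit(struct rb *rb, uint64_t pos) { rb_hdr_at(rb, pos)->len &= ~RB_BUSY_BIT; }

/* Read the next record: payload length, -1 if empty, -2 if the head record is
 * still reserved. A pending reservation blocks every record behind it. */
int64_t rb_consume(struct rb *rb, void *out, uint64_t cap)
{
    if (rb->consumer_pos == rb->producer_pos)
        return -1;
    struct rb_hdr *hdr = rb_hdr_at(rb, rb->consumer_pos);
    if (hdr->len & RB_BUSY_BIT)
        return -2;
    uint64_t len = hdr->len;
    uint8_t *o = out;
    for (uint64_t i = 0; i < len && i < cap; i++)
        o[i] = rb->data[(rb->consumer_pos + RB_HDR_SZ + i) & rb->mask];
    rb->consumer_pos += round_up8(len + RB_HDR_SZ);
    return (int64_t)len;
}

/* Does one `payload`-byte record fit in an empty ring of `size` bytes? */
bool rb_fits(uint64_t size, uint64_t payload)
{
    struct rb rb;
    if (!rb_init(&rb, size))
        return false;
    bool ok = rb_reserve(&rb, payload) >= 0;
    rb_free(&rb);
    return ok;
}

/* Constructed scenario on a 64-byte ring; returns 0, or the failing step. */
int rb_scenario(void)
{
    struct rb rb;
    uint8_t buf[64];
    int64_t a, b, c;
    if (!rb_init(&rb, 64)) return 1;
    a = rb_reserve(&rb, 24);                      /* len 32: producer 0 -> 32 */
    if (a != 0) return 2;
    if (rb_reserve(&rb, 24) != -1) return 3;      /* 64 ahead > mask 63: refused */
    rb_write(&rb, a, "first-record-payload-xyz", 24);
    rb_commit(&rb, a);
    if (rb_consume(&rb, buf, sizeof buf) != 24) return 4;   /* consumer -> 32 */
    b = rb_reserve(&rb, 16);                      /* len 24: 32 -> 56 */
    c = rb_reserve(&rb, 16);                      /* len 24: 56 -> 80, payload wraps to 0 */
    if (b != 32 || c != 56) return 5;
    rb_write(&rb, c, "wrapped-payload!", 16);
    rb_commit(&rb, c);
    if (rb_consume(&rb, buf, sizeof buf) != -2) return 6;   /* b still busy: blocked */
    rb_write(&rb, b, "second-payload!!", 16);
    rb_commit(&rb, b);
    if (rb_consume(&rb, buf, sizeof buf) != 16 || memcmp(buf, "second-payload!!", 16)) return 7;
    if (rb_consume(&rb, buf, sizeof buf) != 16 || memcmp(buf, "wrapped-payload!", 16)) return 8;
    if (rb_consume(&rb, buf, sizeof buf) != -1) return 9;   /* empty */
    rb_free(&rb);
    return 0;
}

int main(void)
{
    int rc = rb_scenario();
    if (rc == 0)
        puts("ringbuf model: refusal, wrap and pending-block checks passed");
    else
        printf("ringbuf model: step %d failed\n", rc);
    return rc;
}
```

The model keeps the accounting in logical positions that never wrap and masks them only at access time, which is what makes the single comparison in `rb_reserve` sufficient: once that check is loosened or bypassed, a producer can reserve past unread records, and a reservation that is never committed holds its space (and everything queued behind it) until it is released, which is the availability impact the CVSS score reflects.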

Defensive priority

medium

Recommended defensive actions

  • Review Siemens ProductCERT SSA-355557 advisory for definitive product impact assessment and patch status
  • Identify the firmware version running on each affected device and compare it with the fixed versions listed in SSA-355557; the kernel and BPF subsystem versions are not exposed separately on these appliances, so the firmware version is the unit of comparison
  • Apply vendor-provided firmware updates when available per Siemens guidance
  • Monitor CISA ICS advisories for additional guidance on industrial control system protections
  • Implement network segmentation for industrial control systems per CISA recommended practices
  • Review BPF program deployments for resource consumption patterns that could trigger ringbuf exhaustion

Evidence notes

CVE published 2025-08-12; modified 2026-02-25. Source advisory ICSA-25-226-07 from CISA CSAF. Siemens ProductCERT SSA-355557 provides product-specific guidance. Impact marked as 'Misinformed' in source for tracked product IDs (CSAFPID-0006, CSAFPID-0002, CSAFPID-0003); 'Misinformed' is not one of the CSAF 2.0 product_status categories (known_affected, known_not_affected, fixed, under_investigation and the like), so treat it as this record's own annotation and confirm product status against the live Siemens and CISA advisories. CWE-770 (Allocation of Resources Without Limits or Throttling) referenced.

Official resources

2025-08-12