PatchSiren cyber security CVE debrief
CVE-2024-41064 Siemens CVE debrief
CVE-2024-41064 describes a possible crash condition in the Linux kernel's powerpc/eeh (Error Event Handler) subsystem when the edev->pdev pointer changes. The vulnerability was originally published on 2025-08-12 and last modified on 2026-02-25. CISA's advisory ICSA-25-226-07, which tracks this CVE, underwent multiple revisions: an initial publication, corrections to affected products (moving entries to Known Not Affected), clarification of affected configurations for the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, and a final republication based on Siemens ProductCERT advisory SSA-355557. Notably, the threat assessment in the source material categorizes the impact as 'Misinformed' for the listed product IDs, suggesting the vulnerability may not represent a genuine security concern for the affected Siemens products. Siemens ProductCERT has issued CSAF and HTML advisories (SSA-355557) providing authoritative guidance. No CVSS score or severity rating is available in the source corpus. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations running Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, or SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices should monitor vendor guidance, though the 'Misinformed' threat classification indicates that little immediate action may be required.
Technical summary
The vulnerability exists in the powerpc/eeh (Error Event Handler) subsystem of the Linux kernel. The condition occurs when the edev->pdev (PCI device) pointer changes, potentially causing a crash. This is a low-level kernel issue specific to PowerPC architecture error handling. The CISA/Siemens advisory categorizes the impact as 'Misinformed,' suggesting the reported vulnerability may not be exploitable or may not represent a genuine security concern for the listed affected products.
Defensive priority
Low
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for authoritative product-specific guidance
- Verify current firmware version against vendor recommendations
- Apply vendor-provided updates if available
- Monitor CISA ICS advisories for future updates to ICSA-25-226-07
- Implement network segmentation for industrial control systems per CISA recommended practices
Evidence notes
The source CISA CSAF advisory ICSA-25-226-07 explicitly marks the threat category as 'Misinformed' for products CSAFPID-0006, CSAFPID-0002, and CSAFPID-0003, indicating this CVE may not constitute a valid security vulnerability for the listed Siemens products. The advisory was republished on 2026-02-25 based on Siemens ProductCERT SSA-355557. Multiple CVEs were removed from this advisory in the 2026-02-24 revision, though CVE-2024-41064 was retained.
Official resources
- CVE-2024-41064 CVE record (CVE.org)
- CVE-2024-41064 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12