PatchSiren cyber security CVE debrief
CVE-2024-41068 Siemens CVE debrief
CVE-2024-41068 describes a failure condition in the sclp_init() function within the s390/sclp subsystem of the Linux kernel. The System Control and Program (SCLP) interface is used on IBM System z (s390) mainframes for communication between the operating system and the service processor. A failure in sclp_init() could prevent proper initialization of this critical interface, potentially affecting system availability or diagnostic capabilities on affected s390 systems. The vulnerability was published on August 12, 2025, and last modified on February 25, 2026. Siemens has identified this CVE as affecting certain industrial networking products that incorporate third-party Linux components, specifically the RUGGEDCOM RST2428P and select SCALANCE product families running SINEC OS. However, the CISA advisory marks the impact assessment as 'Misinformed' for the listed product IDs, indicating potential discrepancies in how this kernel-level vulnerability applies to the specific Siemens product configurations. Organizations operating Siemens industrial networking equipment should consult the vendor's ProductCERT advisory to determine actual applicability and risk to their deployed systems.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P switches or SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family industrial Ethernet switches in critical infrastructure or manufacturing environments should assess their exposure. System administrators responsible for SINEC OS deployments and OT security teams managing Siemens industrial networking infrastructure should prioritize vendor guidance verification. Security teams in sectors utilizing IBM System z mainframes with Linux workloads should evaluate kernel patch status for s390 environments.
Technical summary
CVE-2024-41068 is a Linux kernel vulnerability in the s390 (IBM System z) System Control and Program (SCLP) subsystem, specifically affecting the sclp_init() initialization function. SCLP provides an interface between the operating system and the service processor for hardware management, console I/O, and diagnostic functions. Failure of sclp_init() could impair these capabilities on s390-based systems. The vulnerability has been identified in Siemens industrial networking products that incorporate Linux-based SINEC OS, though the CISA advisory flags the impact assessment as potentially misinformed for certain product configurations. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, and no CVSS score is currently assigned in the source data.
Defensive priority
medium
Recommended defensive actions
- Verify whether deployed Siemens RUGGEDCOM RST2428P or SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices run SINEC OS versions incorporating the vulnerable Linux kernel component
- Consult Siemens ProductCERT advisory SSA-355557 for authoritative product-specific impact assessment and patch availability
- Review CISA ICS recommended practices for defense-in-depth strategies applicable to industrial control system environments
- Monitor vendor security advisories for updated firmware or software releases addressing third-party component vulnerabilities
- Apply network segmentation controls to limit exposure of industrial networking equipment from untrusted networks
Evidence notes
CVE published 2025-08-12; modified 2026-02-25. Source CISA CSAF advisory ICSA-25-226-07. Siemens ProductCERT SSA-355557 referenced as authoritative vendor source. Impact marked 'Misinformed' in source threats data for product IDs CSAFPID-0006, CSAFPID-0002, CSAFPID-0003.
Official resources
- CVE-2024-41068 CVE record (CVE.org)
- CVE-2024-41068 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2025-08-12