PatchSiren cyber security CVE debrief
CVE-2024-41072 Siemens CVE debrief
CVE-2024-41072 is a vulnerability in the Linux kernel's wireless configuration subsystem (cfg80211) that was resolved by adding an input validation check. The issue existed in the `cfg80211_wext_siwscan()` function, which handles wireless scanning requests via the `SIOCSIWSCAN` ioctl. Without proper bounds checking, a user could pass a number of channels exceeding `IW_MAX_FREQUENCIES`, potentially leading to memory safety issues. The fix adds validation to reject such requests with `-EINVAL` when the channel count exceeds the defined maximum. This vulnerability affects Siemens industrial networking products that incorporate the vulnerable Linux kernel components, specifically the RUGGEDCOM RST2428P and SCALANCE X-family switches running SINEC OS. The CISA advisory (ICSA-25-226-07) was initially published on August 12, 2025, with subsequent updates through February 25, 2026, to refine affected product listings and incorporate corrections from Siemens ProductCERT advisory SSA-355557. Notably, the source advisory marks the impact assessment for this CVE as 'Misinformed,' suggesting the initial severity or impact characterization may have been incorrect or overstated. Organizations should consult the Siemens ProductCERT advisory for specific patch availability and apply kernel updates as they become available for affected industrial control systems.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens industrial networking equipment including RUGGEDCOM RST2428P switches and SCALANCE X-family managed switches (XC-300/XR-300/XC-400/XR-500WG/XR-500 and XCM-/XRM-/XCH-/XRH-300 families) running SINEC OS. Security teams managing industrial wireless networks and OT infrastructure relying on Linux-based embedded systems for wireless connectivity.
Technical summary
The vulnerability exists in `cfg80211_wext_siwscan()` in the Linux kernel's wireless extensions compatibility layer. The function processes `SIOCSIWSCAN` ioctl requests for wireless scanning without validating that the number of channels specified does not exceed `IW_MAX_FREQUENCIES`. This missing bounds check could allow malformed requests to trigger out-of-bounds memory access. The resolution adds an explicit check to reject requests where the channel count exceeds the maximum, returning `-EINVAL` to the caller. This is a defensive input validation fix with no known active exploitation.
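The check described above, as an added userspace model in C (not the kernel's code and not taken from the advisory). `scan_req_model`, `collect_scan_channels()` and `demo_count()` are hypothetical names, and the value 32 for `IW_MAX_FREQUENCIES` is an assumption that should be confirmed against the kernel headers in use.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed value; confirm against the wireless UAPI header of your tree. */
#define IW_MAX_FREQUENCIES 32

/* Simplified stand-in for the wext scan request (hypothetical layout). */
struct scan_req_model {
    uint8_t  num_channels;                      /* caller-controlled count */
    uint32_t channel_list[IW_MAX_FREQUENCIES];  /* fixed-size array */
};

/*
 * Copy the requested channels into out[]. Returns the number copied, or
 * -EINVAL when the count exceeds the fixed array (the check the fix adds)
 * or the destination buffer.
 */
int collect_scan_channels(const struct scan_req_model *req,
                          uint32_t *out, size_t out_len)
{
    size_t n = req->num_channels;

    if (n > IW_MAX_FREQUENCIES)   /* reject before any array indexing */
        return -EINVAL;
    if (n > out_len)
        return -EINVAL;

    for (size_t i = 0; i < n; i++)
        out[i] = req->channel_list[i];
    return (int)n;
}

/* Build a constructed sample request with the given count and process it. */
int demo_count(uint8_t count)
{
    struct scan_req_model req = { .num_channels = count };
    uint32_t out[IW_MAX_FREQUENCIES];

    for (size_t i = 0; i < IW_MAX_FREQUENCIES; i++)
        req.channel_list[i] = 2412 + 5 * (uint32_t)i;  /* constructed values */
    return collect_scan_channels(&req, out, IW_MAX_FREQUENCIES);
}

int main(void)
{
    printf("count=32 -> %d, count=33 -> %d\n", demo_count(32), demo_count(33));
    return 0;
}
```

The count field is a single byte in this model, so values from 33 to 255 are representable but larger than the array, which is why the comparison has to happen before the loop runs.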
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for detailed affected product configurations and patch availability
- Apply kernel updates provided by Siemens for affected RUGGEDCOM and SCALANCE devices when available
- Validate that wireless scanning functionality in affected industrial networks operates within expected parameters
- Monitor SINEC OS security bulletins for additional third-party component updates
- Implement network segmentation for industrial wireless networks to limit exposure of affected devices
Evidence notes
The vulnerability description is derived from the Linux kernel commit message referenced in CISA CSAF advisory ICSA-25-226-07. The affected product identification comes from the CSAF product tree with high confidence. The 'Misinformed' impact classification is explicitly stated in the source advisory's threats section for products CSAFPID-0006, CSAFPID-0002, and CSAFPID-0003. The timeline reflects the CVE publication date of August 12, 2025, and the most recent advisory modification on February 25, 2026, which was a CISA republication based on Siemens ProductCERT SSA-355557.
Official resources
- CVE-2024-41072 CVE record (CVE.org)
- CVE-2024-41072 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2025-08-12