PatchSiren cyber security CVE debrief
CVE-2024-41081 Siemens CVE debrief
CVE-2024-41081 is a Linux kernel vulnerability in the Identifier Locator Addressing (ILA) subsystem, specifically in the `ila_output()` function. The fix involves blocking bottom halves (BH) to prevent potential race conditions. The vulnerability was published on August 12, 2025, and last modified on February 25, 2026. Siemens ProductCERT issued advisory SSA-355557 addressing third-party Linux kernel components in SINEC OS, which was subsequently republished by CISA as ICSA-25-226-07. The advisory was updated multiple times, with the most recent revision on February 25, 2026, clarifying affected product configurations and removing rejected CVEs. The vulnerability affects Siemens industrial networking products including RUGGEDCOM RST2428P and SCALANCE X-family switches running SINEC OS. The CVSS score of 5.5 (MEDIUM) indicates moderate severity. No known exploitation in ransomware campaigns has been reported, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens industrial networking infrastructure including SCALANCE X-family switches (XC-300, XR-300, XC-400, XR-500WG, XR-500) and RUGGEDCOM RST2428P devices running SINEC OS. Critical infrastructure operators, manufacturing facilities, and utility providers utilizing these industrial Ethernet switches should prioritize assessment. Security teams responsible for OT/ICS environments and network administrators managing segmented industrial networks should review applicable patches.
Technical summary
The vulnerability exists in the Linux kernel's Identifier Locator Addressing (ILA) subsystem within the `ila_output()` function. ILA is a framework for locator/ID separation in IPv6 networks. The security fix blocks bottom halves (BH) during execution to prevent potential race conditions that could lead to undefined behavior. This is a defensive programming fix addressing synchronization issues in kernel networking code. The vulnerability affects Siemens industrial networking products running SINEC OS that incorporate the vulnerable Linux kernel components.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for detailed affected product configurations and patch availability
- Verify SINEC OS version on affected SCALANCE and RUGGEDCOM devices against vendor security advisory
- Apply kernel updates provided by Siemens through official support channels when available
- Monitor CISA ICS advisories for additional guidance on industrial control system security practices
- Implement network segmentation for industrial control systems per CISA recommended practices
- Ensure defense-in-depth strategies are in place for critical infrastructure deployments
Evidence notes
Source: CISA CSAF advisory ICSA-25-226-07, republished from Siemens ProductCERT SSA-355557. Advisory revision history shows four updates, with the latest on 2026-02-25 clarifying SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family affected configuration and removing rejected CVEs. Threat impact marked as 'Misinformed' per source.
Official resources
-
CVE-2024-41081 CVE record
CVE.org
-
CVE-2024-41081 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12