PatchSiren cyber security CVE debrief

CVE-2024-41087 Siemens CVE debrief

CVE-2024-41087 is a double-free vulnerability in the Linux kernel's libata-core ATA subsystem. The vulnerability was published on 2025-08-12 and last modified on 2026-02-25. CISA republished this advisory on 2026-02-25 based on Siemens ProductCERT SSA-355557 advisory updates. The vulnerability carries a HIGH severity CVSS score of 7.8. Siemens has assessed the impact as 'Misinformed' for affected product configurations, indicating this CVE may not represent an actual vulnerability exposure in the listed Siemens industrial networking products. The affected products include RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices running SINEC OS. This CVE originated from the upstream Linux kernel and was included in Siemens' third-party component security assessment. Organizations should verify their specific product configurations against Siemens' latest advisory guidance to determine actual exposure, as the threat assessment indicates potential misidentification of affected status.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Organizations operating Siemens SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family switches, SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices, or RUGGEDCOM RST2428P industrial Ethernet switches running SINEC OS. OT security teams managing industrial network infrastructure, asset owners in critical infrastructure sectors utilizing Siemens networking equipment, and vulnerability management programs tracking third-party component security in industrial products.

Technical summary

CVE-2024-41087 describes a double-free condition in the Linux kernel's ATA library core (libata-core). The flaw occurs when error-handling paths in the ATA subsystem can trigger more than one deallocation of the same memory object. This class of memory management flaw can lead to kernel memory corruption, denial of service, or privilege escalation on affected systems. The vulnerability affects Siemens industrial networking products running SINEC OS, which incorporates the Linux kernel. Siemens' impact classification of 'Misinformed' suggests that the CVE may have been incorrectly associated with the listed product configurations; organizations should verify actual exposure through the vendor's latest advisory guidance.

Defensive priority

medium

Recommended defensive actions

  • Verify product configuration against Siemens SSA-355557 advisory to confirm actual vulnerability exposure, as Siemens has assessed impact as 'Misinformed' for listed product configurations
  • Monitor Siemens ProductCERT advisories for updated guidance on affected product status
  • Apply kernel updates through Siemens SINEC OS maintenance channels when validated patches become available
  • Implement network segmentation for industrial control systems per CISA ICS recommended practices
  • Review and update asset inventory to identify all SCALANCE and RUGGEDCOM devices running SINEC OS
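The last two actions above (identifying every SCALANCE and RUGGEDCOM device running SINEC OS, then checking each against SSA-355557) can be scripted against an asset inventory. The following is an added example, not code from PatchSiren or Siemens: it matches inventory records against the product families named in this debrief and separates devices whose OS field confirms SINEC OS from devices of an in-scope family whose OS field is missing or different, which still need a firmware check before being dismissed. The regex forms, the `Device` record layout and the sample inventory (including its firmware version strings) are constructed assumptions about how a CMDB might record these models.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Device:
    """Minimal inventory record; the field set is an assumption for this example."""
    hostname: str
    vendor: str
    model: str
    os: str


# Product families taken from the advisory scope described on this page.
# The regexes assume CMDB model strings such as "SCALANCE XC324-4" (XC-300
# family) or "SCALANCE XCM324" (XCM-300 family); adjust to your naming.
AFFECTED_FAMILIES = {
    "SCALANCE XC-300/XR-300 family": re.compile(r"^SCALANCE X[CR]3\d\d", re.I),
    "SCALANCE XC-400 family": re.compile(r"^SCALANCE XC4\d\d", re.I),
    "SCALANCE XR-500/XR-500WG family": re.compile(r"^SCALANCE XR5\d\d", re.I),
    "SCALANCE XCM-/XRM-/XCH-/XRH-300 family": re.compile(r"^SCALANCE X[CR][MH]3\d\d", re.I),
    "RUGGEDCOM RST2428P (6GK6242-6PA00)": re.compile(r"^(?:RUGGEDCOM RST2428P|6GK6242-6PA00)", re.I),
}


def classify(device: Device):
    """Return the advisory family a device belongs to, or None if out of scope."""
    if device.vendor.strip().lower() != "siemens":
        return None
    for family, pattern in AFFECTED_FAMILIES.items():
        if pattern.search(device.model.strip()):
            return family
    return None


def triage(inventory):
    """Split an inventory into two lists.

    in_scope:    in-scope family and OS recorded as SINEC OS; verify these
                 against the current SSA-355557 revision.
    needs_check: in-scope family but OS field empty or not SINEC OS; confirm
                 the running firmware before treating the device as unaffected.
    """
    in_scope, needs_check = [], []
    for device in inventory:
        family = classify(device)
        if family is None:
            continue
        if "sinec" in device.os.lower():
            in_scope.append((device.hostname, family))
        else:
            needs_check.append((device.hostname, family, device.os))
    return in_scope, needs_check


# Constructed sample inventory; hostnames, versions and the non-Siemens
# entries are illustrative only.
SAMPLE_INVENTORY = [
    Device("sw-cell1-01", "Siemens", "SCALANCE XC324-4", "SINEC OS V3.1"),
    Device("sw-cell1-02", "Siemens", "SCALANCE XCM324", "SINEC OS V3.0"),
    Device("sw-ring-01", "Siemens", "RUGGEDCOM RST2428P", "SINEC OS V3.1"),
    Device("sw-ring-02", "Siemens", "RUGGEDCOM RSG2288", "ROS 5.7"),
    Device("sw-core-01", "Siemens", "SCALANCE XR526-8C", ""),
    Device("sw-it-01", "Cisco", "Catalyst 9300", "IOS-XE 17.9"),
]


if __name__ == "__main__":
    confirmed, pending = triage(SAMPLE_INVENTORY)
    print("Verify against SSA-355557:")
    for host, family in confirmed:
        print(f"  {host}: {family}")
    print("Confirm firmware before dismissing:")
    for host, family, os_field in pending:
        print(f"  {host}: {family} (OS field: {os_field or 'missing'})")
```

Devices that land in the second list are the usual source of gaps in this kind of check: the model is in scope but the inventory never recorded which firmware line the unit runs, so the record alone cannot tell SINEC OS from an older firmware.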

Evidence notes

CVE published 2025-08-12; modified 2026-02-25. CISA republication based on Siemens SSA-355557 advisory. Siemens threat assessment categorizes impact as 'Misinformed' for affected product IDs CSAFPID-0006, CSAFPID-0002, CSAFPID-0003. Source advisory underwent multiple revisions: initial publication (2025-08-12), corrected affected products (2026-02-12), clarified SCALANCE family configuration and removed rejected CVEs (2026-02-24), and CISA republication update (2026-02-25).

Official resources

2025-08-12