PatchSiren cyber security CVE debrief
CVE-2024-41097 Siemens CVE debrief
CVE-2024-41097 is a vulnerability in the Linux kernel's USB ATM driver for Conexant AccessRunner USB ADSL modems (cxacru). The flaw is incomplete endpoint checking in the cxacru_bind() function, which can lead to improper handling of USB device endpoints. The vulnerability was published on August 12, 2025, and last modified on February 25, 2026. It has been assessed as MEDIUM severity with a CVSS score of 4.3. Siemens has identified this CVE as affecting certain industrial networking products running SINEC OS, specifically the RUGGEDCOM RST2428P and SCALANCE X-family switches. However, the CISA advisory (ICSA-25-226-07) marks the impact assessment for these products as 'Misinformed,' indicating that the initial applicability assessment may be incorrect. The CVE is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, and there is no indication of known ransomware campaign use. Organizations should consult Siemens ProductCERT advisory SSA-355557 for authoritative product-specific guidance.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 4.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens industrial networking equipment including RUGGEDCOM RST2428P switches and SCALANCE X-family switches (XC-300/XR-300/XC-400/XR-500WG/XR-500, XCM-/XRM-/XCH-/XRH-300 families) running SINEC OS should monitor this advisory. Security teams managing OT/ICS environments, network administrators responsible for industrial Ethernet infrastructure, and compliance officers tracking third-party component vulnerabilities in industrial products should review the Siemens ProductCERT guidance for definitive product impact status.
Technical summary
The vulnerability exists in the cxacru_bind() function within the Linux kernel's USB ATM driver for Conexant AccessRunner USB ADSL modems. Incomplete validation of USB endpoints during device binding could result in improper device initialization or unexpected behavior. The flaw is classified under CWE-20 (Improper Input Validation). While the underlying Linux kernel vulnerability is genuine, CISA's advisory marks the impact on specific Siemens SINEC OS products as 'Misinformed,' suggesting the initial applicability assessment may require correction. The advisory has undergone multiple revisions, with the most recent update on February 25, 2026, reflecting ongoing vendor coordination.
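To make the "incomplete endpoint checking" failure mode concrete, the following is an added illustrative model (not the kernel's cxacru code and not the modem's real endpoint layout) of what a complete bind-time check looks like: before a driver submits transfers to a hard-coded endpoint, it confirms that an endpoint with that number actually exists in the device's descriptors with the expected direction and transfer type. The `required[]` set and the `good_eps`/`bad_eps` descriptor arrays are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
/* Field masks as defined by the USB spec (same values as the kernel's USB_* constants). */
#define USB_DIR_IN                 0x80
#define USB_ENDPOINT_NUMBER_MASK   0x0f
#define USB_ENDPOINT_XFERTYPE_MASK 0x03
#define USB_ENDPOINT_XFER_BULK     2
#define USB_ENDPOINT_XFER_INT      3
/* Subset of the endpoint descriptor fields a bind routine inspects. */
struct ep_desc {
    uint8_t  bEndpointAddress;  /* bit 7: direction, bits 0-3: endpoint number */
    uint8_t  bmAttributes;      /* bits 0-1: transfer type */
    uint16_t wMaxPacketSize;
};
/* What the driver will assume about an endpoint when it submits URBs to it. */
struct ep_req { uint8_t number; bool in; uint8_t xfer_type; };
/* Hypothetical requirement set for this model driver (constructed, not cxacru's):
 * bulk OUT and bulk IN data on EP1, an interrupt IN status endpoint on EP2. */
static const struct ep_req required[] = {
    { 1, false, USB_ENDPOINT_XFER_BULK },
    { 1, true,  USB_ENDPOINT_XFER_BULK },
    { 2, true,  USB_ENDPOINT_XFER_INT  },
};
/* True only if an endpoint matching number, direction AND transfer type is present. */
static bool has_endpoint(const struct ep_desc *eps, size_t n, const struct ep_req *r)
{
    for (size_t i = 0; i < n; i++) {
        bool    in   = (eps[i].bEndpointAddress & USB_DIR_IN) != 0;
        uint8_t num  = eps[i].bEndpointAddress & USB_ENDPOINT_NUMBER_MASK;
        uint8_t type = eps[i].bmAttributes & USB_ENDPOINT_XFERTYPE_MASK;
        if (num == r->number && in == r->in && type == r->xfer_type && eps[i].wMaxPacketSize)
            return true;
    }
    return false;
}
/* Complete bind-time check: every endpoint the driver will use must be validated
 * before it is trusted. Returns 0 on success, -1 if bind must be refused. */
int model_bind(const struct ep_desc *eps, size_t n)
{
    for (size_t i = 0; i < sizeof(required) / sizeof(required[0]); i++)
        if (!has_endpoint(eps, n, &required[i]))
            return -1;
    return 0;
}
/* Constructed descriptor sets: a conforming device, and one whose EP2 advertises
 * bulk (2) instead of interrupt (3), the kind of mismatch a type check catches. */
const struct ep_desc good_eps[] = { {0x01, 2, 64}, {0x81, 2, 64}, {0x82, 3, 8} };
const struct ep_desc bad_eps[]  = { {0x01, 2, 64}, {0x81, 2, 64}, {0x82, 2, 8} };
```

A check that only verifies the endpoint number, or only the transfer type for some of the endpoints, would accept `bad_eps` and later submit a transfer of the wrong type to it.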
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for authoritative product-specific impact assessment and remediation guidance
- Verify SINEC OS version and installed kernel packages on affected Siemens RUGGEDCOM and SCALANCE devices
- Apply vendor-provided firmware updates or patches when available per Siemens security advisory
- Implement network segmentation for industrial control systems to limit exposure of affected devices
- Monitor CISA ICS advisories for updates to ICSA-25-226-07
Evidence notes
The vulnerability description is sourced from the CVE record and CISA CSAF advisory ICSA-25-226-07. Siemens ProductCERT advisory SSA-355557 provides the authoritative vendor assessment. The 'Misinformed' impact designation appears in the CISA advisory's threat data for affected product IDs. The CVE is not present in CISA KEV. Revision history shows the advisory was republished on February 25, 2026, based on updated Siemens guidance.
Official resources
- CVE-2024-41097 CVE record (CVE.org)
- CVE-2024-41097 NVD detail (NVD)
- Source item: cisa_csaf
2025-08-12