PatchSiren cyber security CVE debrief
CVE-2024-42084 Siemens CVE debrief
CVE-2024-42084 describes a vulnerability in the Linux kernel's ftruncate system call where passing a negative length parameter accidentally succeeds in truncating files to a size between 2GiB and 4GiB, rather than returning an error as expected. This behavior could allow unintended file truncation operations that may lead to data integrity issues or denial of service conditions in affected systems. The vulnerability was published on August 12, 2025, and subsequently modified on February 25, 2026, as part of CISA's republication of Siemens ProductCERT advisory SSA-355557. Siemens has identified this CVE as affecting third-party components in SINEC OS, specifically impacting RUGGEDCOM RST2428P (6GK6242-6PA00) and SCALANCE networking product families. The advisory revision history indicates corrections to affected product listings and clarifications regarding specific product family configurations. While the CVSS score of 7.1 (HIGH) suggests significant impact potential, the source material marks the threat impact as 'Misinformed,' indicating potential discrepancies in initial severity assessment or affected product scope. Organizations should verify their specific product configurations against the latest advisory updates, as Siemens has moved several entries from affected to known-not-affected status in subsequent revisions.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: HIGH 7.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens industrial networking equipment including RUGGEDCOM RST2428P switches and SCALANCE XC/XR/XCM/XRM/XCH/XRH series managed switches running SINEC OS. System administrators responsible for Linux-based embedded systems in OT environments. Security teams monitoring third-party component vulnerabilities in industrial control system supply chains. Developers maintaining applications that invoke ftruncate and require robust error handling for edge cases.
Technical summary
The ftruncate system call in affected Linux kernel versions fails to properly validate negative length parameters, resulting in successful truncation to file sizes between 2GiB and 4GiB rather than returning -1 with errno set to EINVAL. This improper input validation (CWE-20) could allow applications to inadvertently truncate files to unexpected sizes. The vulnerability manifests in Siemens SINEC OS through third-party Linux components used in RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, XCM-/XRM-/XCH-/XRH-300 family networking products. Advisory revisions indicate ongoing vendor assessment of actual affected status, with initial product listings subsequently corrected.
Defensive priority
HIGH
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for current affected product status and verify product configurations against known-not-affected listings
- Apply vendor-provided patches or updates for SINEC OS and affected RUGGEDCOM/SCALANCE products when available
- Implement file system monitoring and integrity checks to detect unexpected truncation operations on critical files
- Validate application code using ftruncate to ensure proper error handling for negative length parameters
- Follow CISA ICS recommended practices for defense-in-depth strategies in industrial control environments
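The application-side check recommended above (validating ftruncate callers so they never hand the kernel a negative length), as an added example that is not Siemens, Linux kernel or PatchSiren code: a hypothetical `checked_ftruncate` wrapper that refuses negative or non-representable lengths in user space and returns -1 with errno set to EINVAL, so the program gets the documented failure regardless of whether the running kernel still has the CVE-2024-42084 behaviour. `demo_truncation_checks` exercises it on a constructed temporary file.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * checked_ftruncate: hypothetical wrapper (added example, not vendor code).
 * Rejects negative lengths, and lengths that would not survive conversion
 * to off_t, before calling ftruncate(2). On an affected kernel a negative
 * length could otherwise be accepted and applied as a size between 2GiB and
 * 4GiB instead of failing with EINVAL.
 */
int checked_ftruncate(int fd, long long length)
{
    if (length < 0) {
        errno = EINVAL;
        return -1;
    }
    off_t len = (off_t)length;
    /* Guard against silent narrowing on builds where off_t is 32-bit. */
    if ((long long)len != length || len < 0) {
        errno = EINVAL;
        return -1;
    }
    return ftruncate(fd, len);
}

/* Current size of an open file descriptor, or -1 on error. */
long long file_size(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0)
        return -1;
    return (long long)st.st_size;
}

/*
 * Self-check on a constructed scratch file. Returns 0 when the wrapper
 * behaves as expected, otherwise a small code identifying the failing step.
 */
int demo_truncation_checks(void)
{
    FILE *f = tmpfile();            /* constructed input: empty temp file */
    if (f == NULL)
        return 1;
    int fd = fileno(f);

    /* A valid length must succeed and set exactly that size. */
    if (checked_ftruncate(fd, 4096) != 0 || file_size(fd) != 4096) {
        fclose(f);
        return 2;
    }
    /* A negative length must be refused with EINVAL ... */
    errno = 0;
    if (checked_ftruncate(fd, -1) != -1 || errno != EINVAL) {
        fclose(f);
        return 3;
    }
    /* ... and must leave the file size untouched. */
    if (file_size(fd) != 4096) {
        fclose(f);
        return 4;
    }
    fclose(f);
    return 0;
}

int main(void)
{
    int rc = demo_truncation_checks();
    printf("ftruncate checks: %s (code %d)\n", rc == 0 ? "ok" : "FAILED", rc);
    return rc;
}
```

The length test runs before the descriptor is used, so the wrapper also gives a deterministic EINVAL for a bad length on a closed or invalid descriptor; the size comparison after the rejected call is the part worth keeping in integrity monitoring, since the CVE's symptom is a truncation that should never have happened.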
Evidence notes
CVE published 2025-08-12; modified 2026-02-25 per CISA republication of Siemens SSA-355557. Advisory revision history shows four updates: initial publication (2025-08-12), corrected product lists (2026-02-12), clarified SCALANCE family configurations and removed rejected CVEs (2026-02-24), and final CISA republication (2026-02-25). Source marks threat impact as 'Misinformed' for products CSAFPID-0006, CSAFPID-0002, CSAFPID-0003.
Official resources
- CVE-2024-42084 CVE record (CVE.org)
- CVE-2024-42084 NVD detail (NVD)
- Source item URL (cisa_csaf)