PatchSiren

CVE-2024-42087 Siemens CVE debrief

CISA republished a Siemens ProductCERT advisory on 2026-02-25 regarding CVE-2024-42087, a Linux kernel display driver issue affecting the ilitek-ili9881c panel driver. The underlying vulnerability involves a warning condition with GPIO controllers. Siemens has assessed the impact as misinformed for affected SINEC OS-based products, indicating the vulnerability does not pose a practical security risk in their deployment context. No CVSS score has been assigned. The advisory was initially published by CISA on 2025-08-12 and subsequently updated to correct product lists and clarify affected configurations. Organizations should consult Siemens ProductCERT guidance for definitive product impact assessments.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Organizations operating Siemens SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family, or RUGGEDCOM RST2428P industrial network devices should review this advisory to confirm their specific product configurations and firmware versions are not affected, and to apply vendor guidance as appropriate.

Technical summary

CVE-2024-42087 is a Linux kernel vulnerability in the drm/panel driver for the Ilitek ILI9881C display panel controller. The issue manifests as a warning condition related to GPIO controller handling. The vulnerability was included in a Siemens ProductCERT advisory covering third-party components in SINEC OS, which is used in Siemens industrial network devices including SCALANCE and RUGGEDCOM product families. Siemens has assessed the security impact as misinformed, indicating that the vulnerability does not present a practical security concern in their operational technology deployment context. The advisory has undergone multiple revisions, with the most recent CISA republication on 2026-02-25 incorporating corrections to affected product lists and configuration clarifications. No CVSS score has been assigned to this CVE.

Defensive priority

low

Recommended defensive actions

  • Review Siemens ProductCERT SSA-355557 advisory for product-specific impact determination
  • Verify SINEC OS and affected Siemens network device firmware versions against vendor guidance
  • Apply vendor-provided updates when available per organizational patch management policy
  • Monitor CISA ICS advisories for subsequent updates to this vulnerability

Evidence notes

CVE published 2025-08-12; CISA republication 2026-02-25 based on Siemens SSA-355557. Siemens assessed impact as misinformed. No CVSS assigned.

Official resources

2025-08-12