PatchSiren cyber security CVE debrief
CVE-2024-42093 Siemens CVE debrief
CVE-2024-42093 is a HIGH severity vulnerability (CVSS 7.1) affecting the Linux kernel's DPAA2 (Data Path Acceleration Architecture Gen 2) network driver. The issue stems from explicit allocation of cpumask variables on the kernel stack when CONFIG_CPUMASK_OFFSTACK=y is enabled, which can overflow the kernel stack. This vulnerability was published on August 12, 2025, and last modified on February 25, 2026. Siemens has identified this CVE as affecting multiple industrial networking products, including the RUGGEDCOM RST2428P and the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family of devices. The CISA advisory ICSA-25-226-07, which tracks third-party components in SINEC OS, has undergone multiple revisions, the most recent on February 25, 2026, reflecting corrections to affected product lists and clarifications on product configurations. Notably, the advisory's threat assessment categorizes the impact as 'Misinformed' for the listed product IDs, which suggests discrepancies in the initial assessment of which products the vulnerability applies to. Organizations running affected Siemens industrial networking equipment should consult the vendor's security advisory for patch availability and apply the recommended mitigations.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: HIGH 7.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations operating Siemens industrial networking infrastructure, particularly RUGGEDCOM and SCALANCE product lines; OT security teams managing kernel-based industrial devices; system administrators responsible for firmware maintenance in critical infrastructure environments
Technical summary
The vulnerability exists in the net/dpaa2 driver, where a cpumask variable is allocated explicitly on the kernel stack. With CONFIG_CPUMASK_OFFSTACK=y, cpumask storage is sized for the configured maximum CPU count (NR_CPUS) and is expected to be heap-allocated (cpumask_var_t obtained via alloc_cpumask_var), so placing a full cpumask directly on the stack consumes stack space proportional to NR_CPUS and can overflow it. The DPAA2 driver is used in NXP SoCs for network acceleration and is commonly deployed in industrial networking equipment. The issue is a memory safety defect: corruption of the kernel stack can lead to denial of service or undefined behavior in kernel context.
Defensive priority
HIGH
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for detailed product impact assessment and patch availability
- Verify CONFIG_CPUMASK_OFFSTACK kernel configuration status on affected systems
- Apply vendor-provided firmware updates for RUGGEDCOM RST2428P and SCALANCE family devices when available
- Monitor CISA ICS advisories for additional guidance on industrial control system mitigations
- Implement network segmentation for critical industrial control systems per CISA recommended practices
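One way to carry out the CONFIG_CPUMASK_OFFSTACK check from the list above, as an added example that is not part of the advisory or of any Siemens tooling. It assumes the standard kernel config locations on a Linux host (/proc/config.gz when CONFIG_IKCONFIG_PROC is set, otherwise /boot/config-<release>); the DPAA2 module check is a loose name match and is a heuristic.

```shell
#!/bin/sh
# Added example: report whether CONFIG_CPUMASK_OFFSTACK is enabled in a
# Linux kernel configuration file. This is the build option under which the
# DPAA2 stack-allocated cpumask defect becomes reachable.
# Prints: y (enabled), n (disabled / "is not set"), unknown (absent or unreadable).
cpumask_offstack_status() {
    f="$1"
    [ -r "$f" ] || { echo unknown; return 0; }
    # /proc/config.gz is gzip-compressed; copies under /boot are plain text.
    case "$f" in
        *.gz) reader=zcat ;;
        *)    reader=cat ;;
    esac
    if "$reader" "$f" 2>/dev/null | grep -q '^CONFIG_CPUMASK_OFFSTACK=y$'; then
        echo y
    elif "$reader" "$f" 2>/dev/null | grep -Eq '^(# CONFIG_CPUMASK_OFFSTACK is not set|CONFIG_CPUMASK_OFFSTACK=n)$'; then
        echo n
    else
        echo unknown
    fi
}

# Locate the running kernel's configuration (assumed standard locations:
# /proc/config.gz when CONFIG_IKCONFIG_PROC is set, else /boot/config-<release>).
running_kernel_config() {
    if [ -r /proc/config.gz ]; then
        echo /proc/config.gz
    elif [ -r "/boot/config-$(uname -r)" ]; then
        echo "/boot/config-$(uname -r)"
    else
        return 1
    fi
}

# Stand-alone use: report the running kernel's status and whether a DPAA2
# module is loaded (loose name match on /proc/modules; heuristic only).
if cfg=$(running_kernel_config); then
    echo "config: $cfg"
    echo "CONFIG_CPUMASK_OFFSTACK: $(cpumask_offstack_status "$cfg")"
else
    echo "config: not found (no /proc/config.gz or /boot/config-$(uname -r))"
fi
if grep -q 'dpaa2' /proc/modules 2>/dev/null; then
    echo "dpaa2 module: loaded"
else
    echo "dpaa2 module: not loaded (driver may still be built in)"
fi
```

A result of "y" on a host that carries the DPAA2 driver means the defect is reachable and the vendor update should be prioritised; "unknown" means the option is absent from the config (older kernels) or the file could not be read.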
Evidence notes
CVE published 2025-08-12; modified 2026-02-25. CISA advisory ICSA-25-226-07 underwent four revision cycles, with significant updates on 2026-02-12 (product list corrections), 2026-02-24 (configuration clarifications and rejected CVE removals), and 2026-02-25 (CISA republication based on Siemens SSA-355557). Threat assessment marks impact as 'Misinformed' for CSAFPID-0006, CSAFPID-0002, CSAFPID-0003.
Official resources
- CVE-2024-42093 CVE record (CVE.org)
- CVE-2024-42093 NVD detail (NVD)
- Source item URL: cisa_csaf
2025-08-12