PatchSiren cyber security CVE debrief
CVE-2024-42105 Siemens CVE debrief
A use-after-free vulnerability in the nilfs2 filesystem affects Siemens industrial networking products running SINEC OS. The vulnerability was initially listed in CISA advisory ICSA-25-226-07 published 2025-08-12, which was subsequently revised multiple times through 2026-02-25 to correct affected product listings and remove rejected CVEs. The source advisory explicitly marks impact as 'Misinformed' for the affected product IDs, indicating this CVE's applicability to the listed Siemens products may be erroneous or overstated. No CVSS score or severity is available in the source corpus. The vulnerability originates in the Linux kernel nilfs2 filesystem implementation, not in Siemens proprietary code.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Operators of Siemens RUGGEDCOM RST2428P and SCALANCE XC/XR/XCM/XRM/XCH/XRH families running SINEC OS, and industrial control system security teams tracking third-party Linux kernel vulnerabilities in OT environments.
Technical summary
The nilfs2 filesystem in the Linux kernel contains a use-after-free condition. This CVE was included in CISA advisory ICSA-25-226-07 covering third-party components in Siemens SINEC OS, which powers RUGGEDCOM and SCALANCE industrial network devices. However, the source advisory explicitly categorizes impact as 'Misinformed' for the affected product identifiers, suggesting the CVE may have been incorrectly associated with these products. The nilfs2 filesystem is a log-structured file system not commonly deployed on industrial network appliances, which typically use standard filesystems like ext4 or proprietary implementations. Multiple advisory revisions (2026-02-12, 2026-02-24, 2026-02-25) corrected product listings and removed rejected CVEs, indicating ongoing accuracy improvements to the advisory.
Defensive priority
Low
Recommended defensive actions
- Verify whether nilfs2 filesystem is enabled or accessible on affected Siemens devices; nilfs2 is not typically used in industrial network appliance deployments
- Monitor Siemens ProductCERT advisory SSA-355557 for definitive product impact confirmation
- Apply SINEC OS security updates as directed by Siemens ProductCERT when available
- Review CISA ICS recommended practices for defense-in-depth strategies for industrial control systems
Evidence notes
Source CISA CSAF advisory ICSA-25-226-07 marks impact as 'Misinformed' for product IDs CSAFPID-0006, CSAFPID-0002, and CSAFPID-0003, which include RUGGEDCOM RST2428P and SCALANCE families. Advisory revision history shows multiple corrections to affected product listings. No CVSS vector or score present in source.
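Added example (not code from CISA, Siemens or PatchSiren): one way to check how a CSAF 2.0 advisory file classifies specific product IDs for a single CVE, including whether any score is attached. The embedded fragment is constructed, the `classify` and `triage` helpers are hypothetical names, and carrying the 'Misinformed' text in a `threats` entry of category `impact` is an assumption about where the source advisory records it.

```python
import json

# Constructed CSAF 2.0 fragment, not the real ICSA-25-226-07 content.
# Assumption: 'Misinformed' is carried in a threats entry of category "impact".
# CVE-0000-0000 is a placeholder used only to show per-CVE filtering.
SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cve": "CVE-2024-42105",
   "product_status": {"known_affected":
       ["CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0006"]},
   "threats": [{"category": "impact", "details": "Misinformed",
       "product_ids": ["CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0006"]}]},
  {"cve": "CVE-0000-0000",
   "product_status": {"fixed": ["CSAFPID-0002"]}}
]}
""")


def classify(advisory, cve, product_ids):
    """Collect status buckets, impact text and score presence per product ID."""
    out = {p: {"status": [], "impact": [], "scored": False} for p in product_ids}
    for vuln in advisory.get("vulnerabilities", []):
        if vuln.get("cve") != cve:
            continue
        for status, pids in vuln.get("product_status", {}).items():
            for p in pids:
                if p in out:
                    out[p]["status"].append(status)
        for threat in vuln.get("threats", []):
            if threat.get("category") == "impact":
                for p in threat.get("product_ids", []):
                    if p in out:
                        out[p]["impact"].append(threat.get("details", ""))
        for score in vuln.get("scores", []):
            for p in score.get("products", []):
                if p in out:
                    out[p]["scored"] = True
    return out


def triage(entry):
    """Turn one product's entry into a short action note for the asset owner."""
    seen = set(entry["status"])
    if not seen:
        return "not listed for this CVE"
    if "known_affected" in seen and seen & {"known_not_affected", "fixed"}:
        return "conflicting status, check revision history"
    if "known_affected" in seen and not entry["scored"]:
        return "listed as affected without a score, confirm with vendor"
    return ", ".join(sorted(seen))
```

To run it against a downloaded advisory, replace `SAMPLE` with the result of `json.load()` on that file and pass the product IDs that map to your installed devices.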
Official resources
- CVE-2024-42105 CVE record (CVE.org)
- CVE-2024-42105 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12