PatchSiren cyber security CVE debrief
CVE-2024-42153 Siemens CVE debrief
A potential deadlock condition exists in the I2C PNX driver where `del_timer_sync()` is called from within an interrupt service routine (ISR). This pattern can trigger kernel warnings and may lead to system instability or denial of service in affected industrial control systems. The vulnerability stems from improper use of synchronization primitives in kernel-level I2C bus handling code.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Operators of Siemens industrial networking infrastructure, OT security teams managing SCALANCE and RUGGEDCOM deployments, and organizations with SINEC OS-based control systems should prioritize monitoring vendor patch releases.
Technical summary
The vulnerability exists in the Linux kernel I2C PNX driver, where `del_timer_sync()` is invoked within an interrupt service routine. This function blocks until the timer callback has completed, which can deadlock if the callback attempts to acquire locks already held by the ISR context. The defect manifests as kernel warnings and potential system hangs. Affected Siemens products include SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family switches and RUGGEDCOM RST2428P devices running SINEC OS. The CISA advisory republished on 2026-02-25 reflects updated product impact assessments from Siemens.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for affected product configurations and patch availability
- Apply vendor-provided firmware updates for SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family and RUGGEDCOM RST2428P when available
- Monitor system logs for kernel deadlock warnings related to I2C operations
- Implement network segmentation for affected industrial control devices per CISA ICS recommended practices
- Establish maintenance windows for controlled patching of critical infrastructure components
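The log-monitoring action above, as an added example that is not part of the original debrief or of any Siemens or CISA tooling: a small Python checker that scans dmesg-style lines for a `del_timer_sync` WARNING whose call trace passes through the i2c-pnx driver. The sample log is constructed; the ISR symbol `i2c_pnx_interrupt`, the timestamps, the file:line values and the addresses are assumed placeholders, not values from the page.

```python
import re
from dataclasses import dataclass

# Constructed sample dmesg output modelled on the generic kernel WARNING
# layout. File:line values and addresses are zeroed placeholders.
SAMPLE_DMESG = """\
[  12.345678] i2c-pnx 400a0000.i2c: adapter initialised
[  98.001122] ------------[ cut here ]------------
[  98.001130] WARNING: CPU: 0 PID: 0 at kernel/time/timer.c:0 del_timer_sync+0x0/0x0
[  98.001140] Modules linked in:
[  98.001150] Call trace:
[  98.001160]  del_timer_sync+0x0/0x0
[  98.001170]  i2c_pnx_interrupt+0x0/0x0
[  98.001180]  __handle_irq_event_percpu+0x0/0x0
[  98.001190] ---[ end trace 0000000000000000 ]---
[ 120.000000] ------------[ cut here ]------------
[ 120.000010] WARNING: CPU: 1 PID: 42 at drivers/net/foo.c:0 foo_tx+0x0/0x0
[ 120.000020] Call trace:
[ 120.000030]  foo_tx+0x0/0x0
[ 120.000040] ---[ end trace 0000000000000000 ]---
"""

WARN_RE = re.compile(r"\bWARNING: CPU: (\d+) PID: (\d+) at (\S+) (\S+)")
END_RE = re.compile(r"---\[ end trace")
TS_RE = re.compile(r"^\[\s*([\d.]+)\]")

@dataclass
class Finding:
    timestamp: float   # kernel uptime stamp of the WARNING line
    cpu: int
    location: str      # "file:line" the warning fired at
    frames: list       # call-trace symbols, innermost first

def find_i2c_timer_warnings(log: str) -> list:
    """Return one Finding per WARNING block raised in del_timer_sync whose
    call trace contains an i2c-pnx frame. Unrelated warnings are ignored."""
    findings, warn_sym, current = [], None, None
    for line in log.splitlines():
        m = WARN_RE.search(line)
        if m:  # start of a new WARNING block
            ts = TS_RE.match(line)
            current = Finding(float(ts.group(1)) if ts else 0.0,
                              int(m.group(1)), m.group(3), [])
            warn_sym = m.group(4)
            continue
        if current is None:
            continue
        if END_RE.search(line):  # end of block: decide whether it matches
            if warn_sym.startswith("del_timer_sync") and \
                    any("i2c_pnx" in f for f in current.frames):
                findings.append(current)
            warn_sym, current = None, None
            continue
        body = line.split("]", 1)[-1].strip()
        if "+0x" in body:  # a stack frame of the form "symbol+0xoff/0xlen"
            current.frames.append(body.split("+")[0])
    return findings
```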
Evidence notes
The CISA CSAF advisory ICSA-25-226-07, republished 2026-02-25, identifies this CVE as affecting Siemens industrial networking products running SINEC OS. The advisory's threat assessment categorizes the impact as 'Misinformed' for affected product IDs CSAFPID-0006, CSAFPID-0002, and CSAFPID-0003. The underlying issue is a Linux kernel I2C driver defect where timer synchronization in interrupt context creates deadlock potential. Siemens ProductCERT SSA-355557 provides the authoritative vendor security advisory.
Official resources
- CVE-2024-42153 CVE record (CVE.org)
- CVE-2024-42153 NVD detail (NVD)
- Source item: cisa_csaf
2025-08-12