PatchSiren cyber security CVE debrief
CVE-2024-42229 Siemens CVE debrief
A cryptographic key buffer zeroization vulnerability in Linux kernel crypto (aead,cipher) subsystems, affecting Siemens industrial network infrastructure products running SINEC OS. The flaw leaves key material in memory after cryptographic operations complete, potentially exposing sensitive key data to memory disclosure attacks. CISA and Siemens published coordinated advisories in August 2025, with subsequent revisions through February 2026 correcting affected product listings and clarifying configuration-specific exposure for SCALANCE switch families.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 4.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
OT security engineers managing Siemens SCALANCE or RUGGEDCOM infrastructure; industrial network administrators responsible for firmware maintenance; cryptography engineers evaluating kernel-level key handling; compliance auditors assessing cryptographic implementation standards; incident response teams investigating potential key exposure in industrial environments
Technical summary
The vulnerability exists in the Linux kernel's crypto API, specifically the AEAD (Authenticated Encryption with Associated Data) and symmetric cipher implementations. After cryptographic operations complete, key buffers are not explicitly zeroized (cleared), leaving sensitive key material resident in memory. This violates cryptographic best practices for secure key handling and could allow an attacker with memory read capabilities to recover key material. The flaw affects Siemens industrial networking products incorporating vulnerable Linux kernel versions within SINEC OS, including SCALANCE switch families and RUGGEDCOM devices. Exploitation requires either local access to execute memory disclosure primitives or adjacent network positioning to leverage other vulnerabilities for memory access. The CVSS 4.1 MEDIUM score reflects this attack complexity constraint rather than low severity of the cryptographic weakness itself.
Defensive priority
medium
Recommended defensive actions
- Review Siemens SSA-355557 security advisory for definitive affected product and patch status
- Verify SINEC OS and firmware versions on SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 and RUGGEDCOM RST2428P deployments
- Apply Siemens-provided firmware updates when available per vendor maintenance schedule
- Implement network segmentation for industrial control systems per CISA ICS recommended practices
- Monitor for anomalous memory access patterns or privilege escalation attempts on affected devices
- Ensure cryptographic key rotation procedures account for potential historical exposure windows
Evidence notes
CISA CSAF advisory ICSA-25-226-07 published 2025-08-12; revised 2026-02-12, 2026-02-24, and 2026-02-25 to correct product scope and remove rejected CVEs. Siemens SSA-355557 provides authoritative product-specific guidance. CVSS 4.1 MEDIUM severity reflects limited attack surface requiring local or adjacent network access to exploit memory disclosure.
Official resources
-
CVE-2024-42229 CVE record
CVE.org
-
CVE-2024-42229 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Coordinated disclosure via CISA ICS advisory and Siemens ProductCERT