PatchSiren cyber security CVE debrief
CVE-2024-42247 Siemens CVE debrief
CVE-2024-42247 is a MEDIUM severity vulnerability (CVSS 5.5) in the WireGuard kernel module's allowedips component, specifically involving unaligned 64-bit memory accesses. The vulnerability was published on August 12, 2025, and last modified on February 25, 2026. The issue stems from improper memory alignment handling in the WireGuard allowedips implementation, which could lead to undefined behavior or potential system instability on architectures sensitive to unaligned memory access. Siemens has identified this vulnerability as affecting certain industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and select SCALANCE product families. The CISA advisory ICSA-25-226-07, which tracks this issue, underwent multiple revisions—most recently on February 25, 2026—to clarify affected product configurations and remove rejected CVEs from the advisory. Notably, the threat assessment for this specific CVE is marked as 'Misinformed' in the source data, suggesting potential discrepancies in initial impact reporting. Organizations operating affected Siemens industrial networking equipment should consult the vendor's security advisory for definitive patch status and affected product verification.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens industrial networking infrastructure with VPN capabilities, particularly those in critical infrastructure sectors (energy, manufacturing, transportation) using RUGGEDCOM or SCALANCE devices with remote access requirements. Security teams responsible for OT/ICS network segmentation and secure remote access should prioritize verification of affected device inventories.
Technical summary
The vulnerability exists in the WireGuard Linux kernel module's allowedips implementation, where unaligned 64-bit memory accesses may occur. This class of issue can cause performance degradation, kernel panics, or undefined behavior on architectures that do not natively support unaligned memory access (such as certain ARM, RISC-V, or older x86 implementations). The affected code path involves IP address range matching in WireGuard's peer allowed-IP configuration. Siemens industrial networking products incorporating vulnerable Linux kernel versions with WireGuard support are affected when SINEC OS enables the WireGuard module.
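The class of issue described above, as an added user-space illustration (not code from WireGuard, Siemens, or the advisory): an IPv6 address at an odd offset in a buffer is converted to two host-order 64-bit words without assuming alignment, then used for prefix matching. All function names and the sample bytes are hypothetical and constructed for this example.

```c
#include <stdint.h>
#include <string.h>

/* Risky pattern, shown only as a comment: *(const uint64_t *)p assumes p is
 * 8-byte aligned; on a misaligned pointer it is undefined behaviour. */

/* Alignment-safe big-endian 64-bit load: assemble the value byte by byte. */
uint64_t load_be64(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 0; i < 8; i++)
        v = (v << 8) | p[i];
    return v;
}

/* Split a 16-byte network-order IPv6 address into two host-order words.
 * src may sit at any offset, e.g. inside a packet buffer. */
void ipv6_to_host_words(uint64_t out[2], const uint8_t *src)
{
    out[0] = load_be64(src);
    out[1] = load_be64(src + 8);
}

/* Count the leading bits two addresses share (0..128) for prefix matching. */
unsigned common_prefix_bits(const uint8_t *a, const uint8_t *b)
{
    uint64_t wa[2], wb[2];
    ipv6_to_host_words(wa, a);
    ipv6_to_host_words(wb, b);
    for (unsigned i = 0; i < 2; i++) {
        uint64_t diff = wa[i] ^ wb[i];
        unsigned n = 0;
        if (!diff) continue;
        while (!(diff >> 63)) { diff <<= 1; n++; }
        return i * 64 + n;
    }
    return 128;
}

int main(void)
{
    /* Constructed sample: 2001:db8::1 placed at odd offset 1 in a buffer. */
    uint8_t buf[17] = {0};
    const uint8_t addr[16] = {0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1};
    const uint8_t route[16] = {0x20, 0x01, 0x0d, 0xb8, 0xff, 0xff};
    memcpy(buf + 1, addr, sizeof(addr));
    return common_prefix_bits(buf + 1, route) == 32 ? 0 : 1;
}
```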
Defensive priority
medium
Recommended defensive actions
- Verify whether deployed Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, or SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices are running affected SINEC OS versions
- Consult Siemens ProductCERT advisory SSA-355557 for definitive affected product list and patch availability
- Apply vendor-provided firmware updates when available, prioritizing externally accessible WireGuard endpoints
- Monitor CISA ICS advisories for additional guidance on industrial control system defensive measures
- Review network segmentation to limit exposure of WireGuard-enabled industrial devices
Evidence notes
The source marks this CVE with the 'Misinformed' threat category. The advisory underwent four revision cycles, with the final update on 2026-02-25 to align with Siemens ProductCERT SSA-355557.
Official resources
- CVE-2024-42247 CVE record (CVE.org)
- CVE-2024-42247 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12