PatchSiren cyber security CVE debrief
CVE-2024-43861 Siemens CVE debrief
CVE-2024-43861 is a memory leak vulnerability in the Linux kernel's qmi_wwan USB network driver, specifically affecting non-IP packets. The vulnerability was published on 2025-08-12 and last modified on 2026-02-25. Siemens ProductCERT issued advisory SSA-355557 addressing this issue in their SINEC OS-based products, including the RUGGEDCOM RST2428P and SCALANCE X-family switches. CISA republished this advisory as ICSA-25-226-07. The vulnerability has a CVSS score of 7.5 (HIGH severity). According to the source advisory, the impact assessment for affected products was marked as 'Misinformed,' indicating potential corrections to initial impact assessments. The advisory underwent multiple revisions, with the most significant update on 2026-02-25 clarifying affected configurations and removing rejected CVEs from the advisory. No known exploitation in ransomware campaigns has been reported (not listed in CISA KEV).
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens industrial networking equipment with SINEC OS, particularly those utilizing USB-based cellular connectivity through QMI WWAN modems. This includes critical infrastructure operators in utilities, transportation, and manufacturing sectors deploying RUGGEDCOM and SCALANCE product families.
Technical summary
The vulnerability exists in the qmi_wwan driver within the Linux kernel's USB networking subsystem. When processing non-IP packets, the driver fails to properly free allocated memory, resulting in a memory leak condition. This can lead to resource exhaustion over time, potentially causing denial of service conditions on affected systems. The QMI (Qualcomm MSM Interface) WWAN driver is commonly used for USB-based cellular modems in embedded and industrial systems.
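An added illustration of the leak class described above, not code from the kernel, Siemens, or the advisory: a userspace model in which a small fixed pool stands in for kernel memory, showing how an error path that skips non-IP frames without releasing their buffer eventually stops valid IP traffic. The function names, pool size and sample frames are assumptions constructed for this example.

```c
/* Userspace model (constructed for illustration, not kernel code).
 * A fixed pool stands in for kernel memory; all names are hypothetical. */
#include <stdint.h>
#include <string.h>
#define POOL_SLOTS 8
#define SLOT_SIZE  64
static uint8_t pool[POOL_SLOTS][SLOT_SIZE];
static int in_use[POOL_SLOTS];
static int slot_alloc(void) {
    for (int i = 0; i < POOL_SLOTS; i++)
        if (!in_use[i]) { in_use[i] = 1; return i; }
    return -1;                              /* pool exhausted */
}
static void slot_free(int s) { in_use[s] = 0; }
static void deliver(int s)   { slot_free(s); } /* upper layer consumes it */

/* Handle one received frame. Returns 1 if delivered, 0 if dropped.
 * fixed = 0 models the leaking error path, fixed = 1 the corrected one. */
static int rx_one(const uint8_t *frame, size_t len, int fixed) {
    if (len == 0 || len > SLOT_SIZE) return 0;
    int s = slot_alloc();                   /* per-packet buffer */
    if (s < 0) return 0;                    /* no memory: frame is dropped */
    memcpy(pool[s], frame, len);
    switch (frame[0] & 0xf0) {              /* IP version nibble */
    case 0x40: case 0x60:                   /* IPv4 or IPv6 */
        deliver(s); return 1;
    default:                                /* non-IP: nothing to deliver */
        if (fixed) slot_free(s);            /* release before skipping */
        return 0;                           /* fixed == 0 leaks slot s */
    }
}

int slots_in_use(void) {
    int n = 0;
    for (int i = 0; i < POOL_SLOTS; i++) n += in_use[i];
    return n;
}

/* Send n_bad constructed non-IP frames, then n_ip IPv4 frames;
 * return how many IPv4 frames still get delivered. */
int delivered_after(int n_bad, int n_ip, int fixed) {
    static const uint8_t non_ip[] = { 0x00, 0x01, 0x02, 0x03 };
    static const uint8_t ipv4[]   = { 0x45, 0x00, 0x00, 0x14 };
    int ok = 0; memset(in_use, 0, sizeof in_use);
    for (int i = 0; i < n_bad; i++) rx_one(non_ip, sizeof non_ip, fixed);
    for (int i = 0; i < n_ip; i++)  ok += rx_one(ipv4, sizeof ipv4, fixed);
    return ok;
}
```

In the model, the leaking path loses one slot per non-IP frame until no IPv4 frame can be buffered, while the corrected path leaves the pool empty however many non-IP frames arrive.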
Defensive priority
HIGH
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for detailed product-specific guidance and patch availability
- Verify SINEC OS version on affected Siemens devices (RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family)
- Apply vendor-provided firmware updates addressing the qmi_wwan memory leak when available
- Monitor network traffic for anomalous patterns that could indicate memory exhaustion on affected devices
- Implement network segmentation to limit exposure of industrial control systems using QMI WWAN USB modems
- Follow CISA ICS recommended practices for defense-in-depth strategies
- Disable or remove QMI WWAN USB modems if not required for operational functionality
Evidence notes
Source: CISA CSAF advisory ICSA-25-226-07, republished from Siemens ProductCERT SSA-355557. Advisory revision history shows four updates, with the latest on 2026-02-25 clarifying affected product configurations. Impact marked as 'Misinformed' in threat data. Not listed in CISA KEV.
Official resources
- CVE-2024-43861 CVE record (CVE.org)
- CVE-2024-43861 NVD detail (NVD)
- Source item URL (cisa_csaf)