PatchSiren cyber security CVE debrief
CVE-2024-43867 Siemens CVE debrief
This CVE describes a refcount underflow vulnerability in the drm/nouveau prime subsystem of the Linux kernel. The vulnerability was published on 2025-08-12 and last modified on 2026-02-25. According to the CISA CSAF advisory ICSA-25-226-07, this CVE was included in a Siemens ProductCERT advisory (SSA-355557) concerning third-party components in SINEC OS. However, the advisory's threat assessment categorizes the impact for affected Siemens products as 'Misinformed,' indicating that the products were incorrectly flagged as affected. The February 2026 revisions to the advisory corrected the list of affected products and moved entries to 'Known Not Affected Products.' No CVSS score or severity is available in the source data. The CVE is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations running Siemens industrial networking equipment with SINEC OS, particularly RUGGEDCOM and SCALANCE product families, should verify their advisory status. While this specific CVE was determined to be misinformed for Siemens products, organizations should maintain awareness of kernel-level vulnerabilities in embedded systems and follow vendor guidance for third-party component updates.
Technical summary
A refcount underflow vulnerability exists in the drm/nouveau prime subsystem. This Linux kernel graphics driver issue was initially included in a Siemens advisory concerning third-party components in SINEC OS industrial networking products. Subsequent advisory revisions corrected the product impact assessment to 'Misinformed,' indicating the products were not actually vulnerable to this issue. The vulnerability type suggests potential memory management issues in the kernel's Direct Rendering Manager (DRM) subsystem for NVIDIA GPUs, though the specific impact on Siemens products was determined to be incorrect.
Defensive priority
low
Recommended defensive actions
- Verify that affected Siemens industrial networking products (RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family) are running current firmware versions as they
- Follow CISA ICS recommended practices for defense-in-depth strategies for industrial control systems
- Monitor Siemens ProductCERT advisory SSA-355557 for any future corrections or clarifications regarding affected product status
Evidence notes
The CISA CSAF advisory ICSA-25-226-07 (published 2025-08-12, modified 2026-02-25) references Siemens ProductCERT advisory SSA-355557. The threat category in the CSAF data is marked as 'Misinformed' for product IDs CSAFPID-0006, CSAFPID-0002, and CSAFPID-0003. Revision history shows corrections on 2026-02-12 and 2026-02-24 that moved products to 'Known Not Affected.' The CVE is not present in CISA KEV.
Official resources
- CVE-2024-43867 CVE record (CVE.org)
- CVE-2024-43867 NVD detail (NVD)
- Source item URL (cisa_csaf)