PatchSiren cyber security CVE debrief
CVE-2024-43879 Siemens CVE debrief
CVE-2024-43879 is a vulnerability in the Linux kernel's cfg80211 wireless configuration subsystem. The issue stems from an unhandled case in the `cfg80211_calculate_bitrate_he()` function, specifically the `NL80211_RATE_INFO_HE_RU_ALLOC_2x996` resource unit allocation value for HE (High Efficiency/Wi-Fi 6) rate calculations. When this value is encountered, the function fails to process it, resulting in a kernel warning. The vulnerability was published on 2025-08-12 and last modified on 2026-02-25. Siemens has identified this CVE as affecting certain industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE X-family switches, though the CISA advisory marks the impact as 'Misinformed' for these products. No CVSS score or severity has been assigned. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2026-05-14
- Advisory published
- 2024-04-09
- Advisory updated
- 2026-05-14
Who should care
Organizations operating Siemens industrial networking equipment with Wi-Fi 6 capabilities, particularly those using RUGGEDCOM RST2428P or SCALANCE X-family switches in SINEC OS environments. OT security teams responsible for wireless industrial networks should monitor for kernel updates. Network administrators leveraging HE (Wi-Fi 6) features for high-throughput industrial wireless applications should verify their exposure to this warning condition.
Technical summary
The vulnerability exists in the Linux kernel's cfg80211 subsystem, which provides the configuration interface for wireless devices. The `cfg80211_calculate_bitrate_he()` function calculates bitrates for IEEE 802.11ax (Wi-Fi 6/HE) connections but lacks a case handler for the `NL80211_RATE_INFO_HE_RU_ALLOC_2x996` resource unit allocation. This 2x996-tone RU allocation is a valid HE PHY configuration that can be signaled in rate information. When received, the unhandled case triggers a kernel warning via the default case in the switch statement. While this results in a warning rather than a crash or code execution, it indicates incomplete HE rate calculation logic that could affect wireless performance metrics or trigger unnecessary logging noise on affected systems.
Defensive priority
low
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for patch availability and affected product configurations
- Monitor SINEC OS update channels for kernel security fixes addressing cfg80211
- Assess Wi-Fi 6 (HE) feature usage on affected industrial switches to determine exposure
- Apply defense-in-depth practices for industrial control systems per CISA guidance
- Verify network segmentation between wireless and critical OT networks
Evidence notes
The vulnerability description is sourced from CISA CSAF advisory ICSA-25-226-07, which references Siemens ProductCERT advisory SSA-355557. The threat category in the source data is marked as 'Misinformed' for affected product IDs CSAFPID-0006, CSAFPID-0002, and CSAFPID-0003. No CVSS vector or score is provided in the source corpus. The CVE is not present in CISA KEV.
Official resources
-
CVE-2024-43879 CVE record
CVE.org
-
CVE-2024-43879 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12