PatchSiren cyber security CVE debrief
CVE-2024-43880 Siemens CVE debrief
CVE-2024-43880 is a MEDIUM-severity vulnerability (CVSS 5.5) in the mlxsw (Mellanox switch) driver of the Linux kernel, specifically in its spectrum_acl_erp component. The issue is an object nesting warning that could lead to misinformed system behavior. Siemens has identified this vulnerability as affecting certain industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and select SCALANCE X families. The vulnerability was published on August 12, 2025; subsequent advisory updates through February 25, 2026 clarified the affected product configurations and removed rejected CVEs from related advisories.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Industrial control system operators, critical infrastructure security teams, Siemens networking equipment administrators, OT security practitioners, and organizations utilizing RUGGEDCOM or SCALANCE industrial Ethernet switches in manufacturing, energy, transportation, or other industrial environments.
Technical summary
The vulnerability exists in the spectrum_acl_erp component of the mlxsw (Mellanox switch) driver, which handles Access Control List Exact Match Pattern operations. The 'object nesting warning' points to improper handling of nested data structures that could leave the system in a misinformed state. This kernel-level issue affects Siemens industrial networking equipment running SINEC OS, including the RUGGEDCOM RST2428P and specific SCALANCE X family configurations. Exploitation requires local access or specific network conditions, consistent with the MEDIUM CVSS severity rating.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for detailed product-specific guidance and patch availability
- Verify SINEC OS version and affected product configurations against Siemens security advisory
- Apply vendor-provided firmware updates when available for RUGGEDCOM RST2428P and affected SCALANCE X family devices
- Monitor network traffic for anomalous behavior in affected industrial control systems
- Implement network segmentation for critical industrial control system components per CISA ICS recommended practices
Evidence notes
The vulnerability description 'mlxsw: spectrum_acl_erp: object nesting warning' indicates a kernel driver issue in the Mellanox switch spectrum ACL ERP (Exact Match Pattern) component. The CISA CSAF advisory ICSA-25-226-07, republished February 25, 2026, marks this CVE's impact as 'Misinformed' for the affected Siemens products. The advisory revision history shows multiple updates that corrected the affected product lists and clarified configuration details for the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family.
Official resources
- CVE-2024-43880 CVE record (CVE.org)
- CVE-2024-43880 NVD detail (NVD)
- Source item URL: cisa_csaf