PatchSiren cyber security CVE debrief
CVE-2024-44998 Siemens CVE debrief
CVE-2024-44998 is a use-after-free in the Linux kernel's idt77252 ATM (Asynchronous Transfer Mode) adapter driver, in its receive-path function dequeue_rx(). The dates carried in this record (published 2025-08-12, last modified 2026-02-25) coincide with the publication and revision dates of CISA advisory ICSA-25-226-07; the CVE ID itself belongs to the 2024 series and was assigned upstream by the Linux kernel CNA before the advisory existed, so consult the CVE.org or NVD record for the upstream timeline. Siemens lists this CVE among the third-party Linux kernel issues it assessed for industrial networking products built on SINEC OS, including the RUGGEDCOM RST2428P and the SCALANCE X-family. The CISA advisory, however, carries the label 'Misinformed' for the impact on the affected product IDs, which indicates that the applicability to these Siemens products is in question and should be confirmed against Siemens' own advisory. The advisory was revised several times, most recently on 2026-02-25, when it was republished on the basis of Siemens ProductCERT advisory SSA-355557. Organizations should confirm the actual affected status in the Siemens ProductCERT advisory and, on their own Linux systems, apply kernel updates where the driver is present.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Operators of Siemens industrial networking equipment running SINEC OS, in particular the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, the SCALANCE XCM-/XRM-/XCH-/XRH-300 family and the RUGGEDCOM RST2428P, who need to establish whether the advisory applies to them at all. Linux administrators whose kernels build the idt77252 driver, which serves the IDT 77252 family of ATM adapters; the vulnerable code is reachable only where that driver is present and loaded. Industrial control system operators with ATM-based WAN links terminated on Linux hosts. Security teams tracking third-party kernel component vulnerabilities in embedded industrial systems.
Technical summary
The flaw is a use-after-free in dequeue_rx(), the receive-queue handler of the Linux kernel's idt77252 ATM driver. According to the upstream kernel fix description, the driver dereferenced the socket buffer (skb) after handing it to the VCC's push() callback, which may already have released it; the fix reads the values it still needs before making that call. A use-after-free of this kind can corrupt kernel memory and lead to a crash (denial of service) or, in the worst case, code execution in kernel context, which is consistent with the HIGH 7.8 score recorded here. The practical reach is narrow: dequeue_rx() runs only on a host that has an IDT 77252 adapter with the driver loaded, and the 7.8 score reflects a local attack vector rather than a remotely reachable network service. Siemens included the CVE in its assessment of third-party Linux components in SINEC OS, the firmware behind the SCALANCE X-family and RUGGEDCOM switches listed above. The CISA advisory marks the impact as 'Misinformed' for the listed product IDs, so Siemens ProductCERT advisory SSA-355557 remains the authoritative statement of which products, if any, are affected.
Defensive priority
MEDIUM
Recommended defensive actions
- Verify the actual affected status in Siemens ProductCERT advisory SSA-355557 before prioritizing any response; the 'Misinformed' label on the CISA record means the product list here should not be taken at face value
- On Linux-based industrial and IT hosts, check the running kernel version and whether the idt77252 driver is built in, built as a module, or loaded at all (CONFIG_ATM_IDT77252 in the kernel config; lsmod and modinfo on the running system)
- Where the driver is built but no IDT 77252 ATM adapter exists, blacklist the module in /etc/modprobe.d so it cannot be loaded by alias or by hand; where the adapter is in use, update to a kernel that contains the upstream fix
- Apply vendor-provided firmware updates for SCALANCE and RUGGEDCOM products once Siemens confirms they are affected
- Monitor CISA ICS advisories for further revisions of ICSA-25-226-07; it has already been revised four times
- Keep ATM-attached hosts segmented from untrusted networks until the affected status is settled; segmentation is a reasonable interim control but not a substitute for the kernel fix
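The driver check from the actions above, as an added example that is not part of this page, the CISA advisory or Siemens' own guidance: a POSIX shell triage that classifies a host by whether the idt77252 driver is built in, loaded, loadable or absent, and emits the modprobe fragment that blocks it on hosts with no such adapter. The config symbol CONFIG_ATM_IDT77252 and the module name idt77252 are the real kernel identifiers; the kernel config and lsmod text in the block are constructed samples, and the four exposure labels are this example's own vocabulary.

```shell
#!/bin/sh
# Added example, not from the page, Siemens or CISA. Triage whether a Linux
# host even carries the driver that CVE-2024-44998 lives in. The config
# symbol CONFIG_ATM_IDT77252 and module name idt77252 are the real kernel
# names; the config and lsmod text below are constructed samples.

# Constructed sample of a kernel config, as found in /boot/config-$(uname -r)
# or printed by "zcat /proc/config.gz".
SAMPLE_CONFIG='CONFIG_ATM=m
CONFIG_ATM_CLIP=m
CONFIG_ATM_IDT77252=m
# CONFIG_ATM_AMBASSADOR is not set'

# Constructed sample of lsmod output on the same host.
SAMPLE_LSMOD='Module                  Size  Used by
atm                    65536  1 clip
idt77252               49152  0'

# config_state SYMBOL  (config text on stdin): prints y, m or n.
config_state() {
    state=$(sed -n "s/^$1=\([ym]\)\$/\1/p")
    printf '%s\n' "${state:-n}"
}

# module_loaded NAME  (lsmod text on stdin): succeeds if NAME is loaded.
module_loaded() {
    awk -v m="$1" 'NR > 1 && $1 == m { found = 1 } END { exit !found }'
}

# idt77252_exposure CONFIG_TEXT LSMOD_TEXT: prints one of
#   builtin  - compiled into the kernel, always present
#   loaded   - built as a module and currently loaded
#   loadable - built as a module, not loaded; can still autoload for matching hardware
#   absent   - not built for this kernel, so the CVE does not apply here
idt77252_exposure() {
    st=$(printf '%s\n' "$1" | config_state CONFIG_ATM_IDT77252)
    case "$st" in
        y) echo builtin ;;
        m) if printf '%s\n' "$2" | module_loaded idt77252; then
               echo loaded
           else
               echo loadable
           fi ;;
        *) echo absent ;;
    esac
}

# blacklist_snippet: /etc/modprobe.d fragment that stops the module from being
# loaded by alias or by hand on hosts that have no IDT 77252 adapter.
blacklist_snippet() {
    printf 'blacklist idt77252\ninstall idt77252 /bin/false\n'
}

# audit_live_host: the same triage against the running kernel. Only runs when
# the script is invoked with --live, so the demo below stays offline.
audit_live_host() {
    if [ -r "/boot/config-$(uname -r)" ]; then
        cfg=$(cat "/boot/config-$(uname -r)")
    elif [ -r /proc/config.gz ]; then
        cfg=$(zcat /proc/config.gz)
    else
        echo "no kernel config found; try: modinfo idt77252" >&2
        return 2
    fi
    mods=$(lsmod 2>/dev/null || true)
    idt77252_exposure "$cfg" "$mods"
}

echo "sample host: $(idt77252_exposure "$SAMPLE_CONFIG" "$SAMPLE_LSMOD")"
if [ "${1:-}" = --live ]; then
    audit_live_host
fi
```

Run it with no arguments to see the classification of the constructed sample (loaded); run it with --live on a real host to apply the same logic to the running kernel. A result of absent means the CVE does not apply to that kernel build. A result of loadable is worth closing with the blacklist fragment whenever no such adapter is present, because a built module can still be autoloaded by device alias even if nobody ever ran modprobe.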
Evidence notes
CVE published 2025-08-12; modified 2026-02-25. Source CISA ICSA-25-226-07. Impact marked 'Misinformed' for affected product IDs CSAFPID-0006, CSAFPID-0002, CSAFPID-0003. Advisory revised 4 times, with final republication based on Siemens SSA-355557.
Official resources
- CVE-2024-44998 CVE record (CVE.org)
- CVE-2024-44998 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference
2025-08-12