PatchSiren cyber security CVE debrief
CVE-2024-44999 Siemens CVE debrief
CVE-2024-44999 is a HIGH severity vulnerability (CVSS 7.1) affecting the Linux kernel's GTP (GPRS Tunneling Protocol) implementation. The flaw exists in gtp_dev_xmit() where network headers are missing, potentially leading to information disclosure and denial of service conditions. The vulnerability requires local access with low privileges, no user interaction, and can result in high impact to confidentiality and availability. Siemens has identified affected products in their industrial networking portfolio including RUGGEDCOM RST2428P and SCALANCE switch families running SINEC OS. The vulnerability was initially published on August 12, 2025, with subsequent advisory updates through February 2026 to correct affected product listings and clarify configurations. Siemens provides vendor fixes through firmware updates to version 3.2 or later for affected products.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- HIGH 7.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500, or SCALANCE XCM-/XRM-/XCH-/XRH-300 industrial switches in critical infrastructure environments. Security teams managing industrial control systems utilizing GPRS Tunneling Protocol for mobile backhaul or IoT connectivity. Network administrators responsible for maintaining segmented OT environments with local access requirements.
Technical summary
The vulnerability stems from missing network headers in the gtp_dev_xmit() function within the Linux kernel's GTP implementation. This flaw can be exploited by a local attacker with low privileges to cause information disclosure and denial of service. The attack requires no user interaction and has high impact on confidentiality and availability, though integrity is not affected. The vulnerability is present in Siemens industrial networking products running SINEC OS that incorporate the affected Linux kernel components. Remediation involves updating to firmware version 3.2 or later, with specific configuration guidance provided for the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family.
Defensive priority
HIGH
Recommended defensive actions
- Apply vendor firmware updates to version 3.2 or later for affected Siemens RUGGEDCOM and SCALANCE products as specified in Siemens ProductCERT advisory
- Review network segmentation for industrial control systems to limit local access vectors
- Monitor for anomalous GTP traffic patterns in environments using GPRS Tunneling Protocol
- Implement defense-in-depth strategies per CISA ICS recommended practices for industrial control systems
- Verify affected product configurations against Siemens clarification for SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family deployments
Evidence notes
Vulnerability sourced from CISA CSAF advisory ICSA-25-226-07, cross-referenced with Siemens ProductCERT SSA-355557. CVSS vector confirms local attack vector with high confidentiality and availability impact. Remediation guidance specifies firmware version 3.2 or later as vendor fix.
Official resources
-
CVE-2024-44999 CVE record
CVE.org
-
CVE-2024-44999 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12