CVE-2024-45025 Siemens CVE debrief

Who should care

Organizations operating Siemens industrial networking infrastructure, particularly those deploying RUGGEDCOM RST2428P devices or SCALANCE XC/XR/XCM/XRM/XCH/XRH switch families in critical infrastructure environments. OT security teams, network administrators, and asset owners in manufacturing, energy, transportation, and other industrial sectors relying on SINEC OS-based devices should prioritize this update to prevent potential denial of service conditions that could disrupt industrial operations.

Technical summary

CVE-2024-45025 is a vulnerability in the Linux kernel's close_range() system call implementation, specifically affecting the copy_fd_bitmaps function when the CLOSE_RANGE_UNSHARE flag is used. This results in bitmap corruption that can cause denial of service conditions. The vulnerability manifests in Siemens industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P platform and multiple SCALANCE switch families. The issue is locally exploitable with low complexity and requires low privileges, but has no confidentiality or integrity impact—only high availability impact. Siemens has addressed this through SINEC OS updates to version 3.2 or later. The vulnerability was initially disclosed in August 2025 and the advisory was significantly updated in February 2026 to clarify affected product configurations and remove rejected CVE entries from the advisory scope.

Defensive priority

medium

Recommended defensive actions

• Apply vendor-provided updates to version 3.2 or later for affected RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices
• For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance and available updates
• Implement network segmentation for industrial control systems to limit exposure of affected devices
• Monitor for anomalous behavior or unexpected process terminations that could indicate exploitation attempts
• Follow CISA ICS recommended practices for defense-in-depth strategies
• Review and apply Siemens security advisories as they are published for SINEC OS-based products

Evidence notes

The vulnerability description and affected products are sourced from CISA CSAF advisory ICSA-25-226-07, which references Siemens ProductCERT advisory SSA-355557. The CVSS score and vector are derived from the official CISA CSAF data. Timeline information reflects the CVE publication date of August 12, 2025, and the most recent modification on February 25, 2026, per the source advisory revision history.

Official resources