PatchSiren cyber security CVE debrief
CVE-2024-47619 Siemens CVE debrief
CVE-2024-47619 describes a TLS certificate hostname-checking flaw where syslog-ng’s wildcard matcher accepted invalid patterns such as "foo.*.bar" and partial wildcards like "foo.a*c.bar". In the Siemens/CISA advisory context, the issue is mapped to SINEC OS firmware on affected RUGGEDCOM and SCALANCE products. Because the flaw is network-reachable and can affect TLS connection trust, it matters most where these devices rely on certificate validation for secure management or data exchange.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-01-28
- Original CVE updated
- 2026-02-25
- Advisory published
- 2026-01-28
- Advisory updated
- 2026-02-25
Who should care
Operators and maintainers of Siemens industrial networking equipment, especially environments running the affected SINEC OS firmware on listed RUGGEDCOM and SCALANCE products. OT security teams, network administrators, and asset owners responsible for TLS-secured device communication should prioritize review.
Technical summary
The flaw is a certificate wildcard matching error in tls_wildcard_match() that can incorrectly treat disallowed wildcard certificates as valid. The supplied CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) indicates a network-exploitable issue with no privileges or user interaction required and a primary integrity impact. The advisory’s revision history later clarifies that only SINEC OS firmware is impacted and expands the affected product list. Siemens’ remediation is to update impacted products to V3.3 or later.
Defensive priority
High. Prioritize if any affected Siemens product is deployed in a TLS-trusting role, especially in OT environments where certificate validation is used to protect management or telemetry traffic.
Recommended defensive actions
- Inventory Siemens RUGGEDCOM and SCALANCE devices and confirm whether they run the affected SINEC OS firmware.
- Apply Siemens’ recommended update to V3.3 or later on impacted products.
- Validate that deployed certificates and hostname-matching rules do not rely on invalid or partial wildcard patterns.
- Review TLS trust paths and management-plane access to reduce exposure to interception or certificate spoofing.
- Monitor Siemens ProductCERT and the CISA republication for any further scope clarifications or update guidance.
Evidence notes
Primary evidence comes from the CISA CSAF source item and Siemens ProductCERT references tied to ICSA-26-043-06 / SSA-089022. The supplied revision history shows the advisory was first published on 2026-01-28, later republished, and then clarified on 2026-02-24/2026-02-25 to state that only SINEC OS firmware is impacted while adding additional affected product families. No KEV listing or ransomware linkage was provided in the source corpus.
Official resources
-
CVE-2024-47619 CVE record
CVE.org
-
CVE-2024-47619 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed in CISA CSAF advisory ICSA-26-043-06 on 2026-01-28, with later republication updates through 2026-02-25 based on Siemens ProductCERT SSA-089022.