PatchSiren

CVE-2024-47713 Siemens CVE debrief

CVE-2024-47713 is a vulnerability in the Linux kernel's mac80211 wireless networking subsystem, in the interface teardown function ieee80211_do_stop(). When an interface is stopped, the pending transmit socket buffers (skbs) that belong to it were freed while the queue lock was held with interrupts disabled. Freeing an skb can reach __dev_queue_xmit(), which must be called with interrupts enabled and warns otherwise. The kernel fix introduces two-phase reclamation: the skbs are unlinked onto a private list under the lock and freed only after the lock is released. The CISA advisory covering this CVE was published on August 12, 2025, and last modified on February 25, 2026. Siemens lists the CVE as affecting its RUGGEDCOM RST2428P (6GK6242-6PA00) product, the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family and the SCALANCE XCM-/XRM-/XCH-/XRH-300 family, all through their SINEC OS platform; the vulnerability originates from third-party Linux kernel components integrated into these products. CISA republished the advisory on February 25, 2026, based on Siemens ProductCERT advisory SSA-355557. The threat entry for the affected product IDs carries the category 'Misinformed' in the source data, and that label is not defined there. The record shows a CVSS of MEDIUM 5.5, but the summarized advisory text itself carried no score or severity rating, so treat the rating as provisional.

Vendor
Siemens
Product
RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2024-04-09
Original CVE updated
2026-05-14
Advisory published
2024-04-09
Advisory updated
2026-05-14

Who should care

Organizations operating Siemens RUGGEDCOM RST2428P switches or SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 and XCM-/XRM-/XCH-/XRH-300 family devices running SINEC OS. The advisory lists these products because SINEC OS is built on the Linux kernel; whether a mac80211-backed wireless interface is actually present on a given device is not stated in the source data, so the list applies regardless of wireless use. Industrial control system operators using these Siemens networking products should prioritize assessment, as should security teams responsible for OT/ICS environments that contain them and organizations subject to NERC CIP or other critical infrastructure cybersecurity regulations with this Siemens equipment deployed.

Technical summary

CVE-2024-47713 affects the mac80211 subsystem in the Linux kernel, specifically the ieee80211_do_stop() function, which runs when a wireless interface is brought down. The function walks the shared pending-transmit queues under a spinlock taken with spin_lock_irqsave(), so interrupts are disabled, and it unlinked and freed every pending skb that belonged to the interface being stopped. Freeing a transmit skb through ieee80211_free_txskb() can end up in __dev_queue_xmit() (the transmit status can be reported over netlink and mirrored to a tap device), and __dev_queue_xmit() must be called with interrupts enabled: it emits a WARN when they are not. The fix splits the work into two phases, unlinking the matching skbs onto a private list while the lock is held and freeing them after the lock has been released. This is a third-party component vulnerability affecting Siemens industrial networking products running SINEC OS. The mac80211 subsystem is the Linux kernel's framework for IEEE 802.11 (Wi-Fi) device drivers; the reported impact of this issue is to wireless interface stability (a kernel warning during teardown, which is fatal on systems configured with panic_on_warn), and the source data describes no memory-safety or privilege consequence. The teardown path is only exercised on devices where a mac80211 interface exists and is brought down.
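A userspace model of the pattern described above, added here as an illustration; it is not taken from the kernel or from Siemens. The interrupt state, the lock, the skb and the transmit path are simplified stand-ins (assumed names suffixed _model), and the pending queue is a constructed sample. The single-phase function shows the pre-fix shape, where every free runs under the lock with interrupts off and hits the warning; the two-phase function unlinks the matching skbs onto a private list under the lock and frees them afterwards, which is the structure of the upstream fix. Skbs belonging to other interfaces stay queued in both variants.

```c
/* Userspace model of the skb-freeing pattern in mac80211's ieee80211_do_stop()
 * and of the two-phase reclamation that fixes CVE-2024-47713. Added example,
 * not kernel code: the interrupt state, lock, skb and transmit path are
 * simplified stand-ins (assumed, suffixed _model); the queue is constructed. */
#include <stdio.h>
#include <stdlib.h>

static int irqs_disabled_model;  /* spin_lock_irqsave() turns IRQs off on this CPU */
static int warn_count;           /* WARN_ON_ONCE(irqs_disabled()) hits in __dev_queue_xmit() */
static int freed_count;          /* skbs actually released */

static void spin_lock_irqsave_model(void)      { irqs_disabled_model = 1; }
static void spin_unlock_irqrestore_model(void) { irqs_disabled_model = 0; }

/* Minimal sk_buff: intrusive singly-linked list plus the owning interface. */
struct skb {
    int vif;                     /* stands in for IEEE80211_SKB_CB(skb)->control.vif */
    struct skb *next;
};

static struct skb *pending;      /* shared pending-TX queue, like local->pending[] */

/* Stand-in for ieee80211_free_txskb(): the TX status report can reach
 * __dev_queue_xmit(), which warns when interrupts are disabled. */
static void ieee80211_free_txskb_model(struct skb *skb)
{
    if (irqs_disabled_model)
        warn_count++;            /* the warning CVE-2024-47713 is about */
    free(skb);
    freed_count++;
}

/* Constructed sample: one pending skb per entry of vifs[], oldest first. */
static void fill_pending(const int *vifs, int n)
{
    struct skb **tail = &pending;
    while (pending) { struct skb *s = pending->next; free(pending); pending = s; }
    for (int i = 0; i < n; i++) {
        struct skb *s = malloc(sizeof *s);
        s->vif = vifs[i]; s->next = NULL;
        *tail = s; tail = &s->next;
    }
    warn_count = freed_count = 0;
}

static int pending_len(void)
{
    int n = 0;
    for (struct skb *s = pending; s; s = s->next) n++;
    return n;
}

/* Pre-fix shape: unlink AND free each skb of the stopping vif while the queue
 * lock is held with interrupts disabled. Returns the number of warnings. */
static int do_stop_single_phase(int vif)
{
    spin_lock_irqsave_model();
    for (struct skb **pp = &pending; *pp; ) {
        struct skb *s = *pp;
        if (s->vif != vif) { pp = &s->next; continue; }
        *pp = s->next;
        ieee80211_free_txskb_model(s);   /* reaches the xmit path with IRQs off */
    }
    spin_unlock_irqrestore_model();
    return warn_count;
}

/* Fixed shape: phase 1 only moves matching skbs to a private list under the
 * lock; phase 2 frees them after the lock is dropped and IRQs are back on. */
static int do_stop_two_phase(int vif)
{
    struct skb *free_list = NULL, **ft = &free_list;
    spin_lock_irqsave_model();
    for (struct skb **pp = &pending; *pp; ) {
        struct skb *s = *pp;
        if (s->vif != vif) { pp = &s->next; continue; }
        *pp = s->next;
        s->next = NULL;
        *ft = s; ft = &s->next;          /* phase 1: collect, do not free */
    }
    spin_unlock_irqrestore_model();
    while (free_list) {                  /* phase 2: free with IRQs enabled */
        struct skb *next = free_list->next;
        ieee80211_free_txskb_model(free_list);
        free_list = next;
    }
    return warn_count;
}

/* Runs one variant over the constructed queue {1,2,1,1,3}, stopping vif 1. */
static int stop_sample(int use_two_phase)
{
    static const int vifs[] = { 1, 2, 1, 1, 3 };
    fill_pending(vifs, 5);
    return use_two_phase ? do_stop_two_phase(1) : do_stop_single_phase(1);
}

int main(void)
{
    int w = stop_sample(0);
    printf("single-phase: warnings=%d freed=%d left=%d\n", w, freed_count, pending_len());
    w = stop_sample(1);
    printf("two-phase:    warnings=%d freed=%d left=%d\n", w, freed_count, pending_len());
    return 0;
}
```

With the constructed queue, the single-phase variant frees the three skbs of vif 1 and records three warnings; the two-phase variant frees the same three skbs with no warning, and both leave the two skbs of other interfaces in the queue. The point of the fix is that the set of skbs removed is unchanged; only the moment at which ieee80211_free_txskb() runs moves outside the interrupts-disabled critical section.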

Defensive priority

medium

Recommended defensive actions

  • Review Siemens ProductCERT advisory SSA-355557 for detailed product-specific guidance and patch availability
  • Verify SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family device configuration to determine affected status
  • Monitor CISA ICS advisories for updates to ICSA-25-226-07
  • Apply kernel updates or vendor-provided patches for SINEC OS when available
  • Implement network segmentation for affected industrial wireless infrastructure per CISA ICS recommended practices
  • Check whether any mac80211-backed wireless interface is present or enabled on affected RUGGEDCOM and SCALANCE devices; the vulnerable teardown path is only reached when such an interface is brought down

Evidence notes

The vulnerability description is sourced from CISA CSAF advisory ICSA-25-226-07, which references Siemens ProductCERT advisory SSA-355557. The affected product list was corrected in a February 12, 2026 revision, and further clarified on February 24, 2026 regarding the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family configuration. The February 25, 2026 republication by CISA was based on the latest Siemens advisory. The threat category 'Misinformed' is reproduced from the source data as-is; the advisory data does not define the term, so it should not be read as an impact or severity rating.

Official resources

CISA ICS advisory ICSA-25-226-07 (published 2025-08-12); Siemens ProductCERT advisory SSA-355557