PatchSiren cyber security CVE debrief
CVE-2024-56629 Siemens CVE debrief
CVE-2024-56629 is a null pointer dereference in the Linux kernel's HID Wacom driver. When the driver builds a device name it reads the USB product string exposed as `dev->product`; certain devices report that field incorrectly (the kernel fix describes it as empty), the pointer is NULL, and the driver's string handling dereferences it, which can oops the kernel and crash the host. Although the CVE itself concerns the Linux HID subsystem, the CISA CSAF advisory ICSA-25-226-07 lists it for Siemens industrial networking products running SINEC OS, specifically the RUGGEDCOM RST2428P and SCALANCE X-family switches. The advisory's threat section categorizes the impact as 'Misinformed' for the listed product IDs, which indicates that the vulnerability was initially reported against these products and that later analysis corrected the actual impact. The advisory was first published on August 12, 2025 and revised several times through February 2026, including corrections to the affected products list and removal of several rejected CVEs. Organizations running the identified Siemens products should consult the vendor's security advisory for definitive guidance on affected configurations and remediation status.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P switches or SCALANCE X-family industrial Ethernet switches running SINEC OS should track this advisory, although its current revision indicates the impact on these products was misidentified. Linux system administrators managing workstations with Wacom input devices should apply a kernel update that carries the driver fix. Industrial control system security teams should watch CISA ICS advisories for further clarification of actual product impact.
Technical summary
The vulnerability is in the Linux kernel's HID (Human Interface Device) Wacom driver. When building the name for an attached device, the driver reads the USB product string exposed as `dev->product`. Certain devices report that field incorrectly, so the pointer is NULL (the kernel fix describes the field as empty), and the driver's string handling dereferences it without a check, producing a kernel oops and potentially a system crash. The fix adds a NULL check before the product string is used. The bug is a crash (denial of service) on a host with an affected Wacom device attached; nothing in the record indicates code execution. Siemens industrial switches do not normally have Wacom tablets attached, which is consistent with the 'Misinformed' impact assessment in the CISA advisory. The mismatch between the kernel-level description and the industrial networking product context means either that SINEC OS ships the affected kernel code as a component (a supply chain relationship) or that the products were initially misidentified and later advisory revisions corrected it.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for current affected product status
- Verify SINEC OS version and installed kernel packages on RUGGEDCOM and SCALANCE devices
- Apply vendor-provided patches or updates when available per Siemens guidance
- Monitor CISA ICS advisories for additional updates to ICSA-25-226-07
- Implement network segmentation for industrial control systems as recommended in CISA ICS best practices
Evidence notes
The CISA CSAF advisory ICSA-25-226-07 (revision 4, dated 2026-02-25) is the primary source for product impact assessment. The advisory's threat section explicitly marks impact as 'Misinformed' for product IDs CSAFPID-0006, CSAFPID-0002, and CSAFPID-0003. The revision history indicates significant changes to affected product listings, with entries moved to 'Known Not Affected Products' in the February 2026 update. The Siemens ProductCERT advisory SSA-355557 is cited as the basis for the final republication.
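A way to read the product status straight out of the CSAF document instead of relying on a summary, added here as an example for this debrief (it is not CISA or Siemens code). The CSAF JSON embedded in the block is constructed to mirror the fields described above: tracking id ICSA-25-226-07 at revision 4, product IDs CSAFPID-0002, CSAFPID-0003 and CSAFPID-0006, an impact threat reading 'Misinformed', and all three IDs under `known_not_affected`. It is not the real advisory, and the names given for CSAFPID-0003 and CSAFPID-0006 are placeholders. To run it against the real document, load the JSON from CISA's CSAF feed in place of `SAMPLE_CSAF`.

```python
"""Triage one CVE in a CSAF 2.0 advisory: for each product ID, which
product_status bucket it sits in and what the vendor's impact note says.

Added example for this debrief; not CISA or Siemens code.
"""
import json

# CONSTRUCTED sample mirroring the fields the evidence notes describe.
# Not the real ICSA-25-226-07 document; names marked "placeholder" are invented.
SAMPLE_CSAF = json.dumps({
    "document": {
        "title": "Siemens SINEC OS advisory (constructed sample)",
        "tracking": {
            "id": "ICSA-25-226-07",
            "version": "4",
            "current_release_date": "2026-02-25T00:00:00Z",
        },
    },
    "product_tree": {
        "full_product_names": [
            {"product_id": "CSAFPID-0002",
             "name": "RUGGEDCOM RST2428P (6GK6242-6PA00)"},
            {"product_id": "CSAFPID-0003",
             "name": "SCALANCE X-family switch (placeholder)"},
            {"product_id": "CSAFPID-0006",
             "name": "SINEC OS device (placeholder)"},
        ]
    },
    "vulnerabilities": [{
        "cve": "CVE-2024-56629",
        "product_status": {
            "known_not_affected": ["CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0006"],
        },
        "threats": [{
            "category": "impact",
            "details": "Misinformed",
            "product_ids": ["CSAFPID-0006", "CSAFPID-0002", "CSAFPID-0003"],
        }],
    }],
})

# product_status buckets that still call for action on the operator's side
ACTIONABLE = {"known_affected", "first_affected", "last_affected",
              "under_investigation"}


def product_names(doc):
    """Map product_id -> name, covering both the full_product_names list and
    the nested branches form that vendors commonly use."""
    names = {}
    tree = doc.get("product_tree", {})
    for fpn in tree.get("full_product_names", []):
        names[fpn["product_id"]] = fpn["name"]

    def walk(branches):
        for branch in branches:
            if "product" in branch:
                prod = branch["product"]
                names[prod["product_id"]] = prod["name"]
            walk(branch.get("branches", []))

    walk(tree.get("branches", []))
    return names


def triage(csaf_json, cve):
    """Return a per-product report for `cve`, or None if the advisory
    does not carry that CVE at all."""
    doc = json.loads(csaf_json)
    vuln = next((v for v in doc.get("vulnerabilities", [])
                 if v.get("cve") == cve), None)
    if vuln is None:
        return None
    names = product_names(doc)

    status = {}   # product_id -> set of product_status buckets it appears in
    for bucket, ids in vuln.get("product_status", {}).items():
        for pid in ids:
            status.setdefault(pid, set()).add(bucket)

    impact = {}   # product_id -> vendor impact note (threats[].category == "impact")
    for threat in vuln.get("threats", []):
        if threat.get("category") != "impact":
            continue
        for pid in threat.get("product_ids", []):
            impact[pid] = threat.get("details", "")

    tracking = doc["document"]["tracking"]
    return {
        "advisory": tracking["id"],
        "version": tracking["version"],
        "cve": cve,
        "products": [
            {"product_id": pid,
             "name": names.get(pid, "<unknown product id>"),
             "status": sorted(status[pid]),
             "impact": impact.get(pid)}
            for pid in sorted(status)
        ],
    }


def needs_action(report):
    """Product IDs the advisory still treats as affected or unresolved."""
    return [row["product_id"] for row in report["products"]
            if ACTIONABLE & set(row["status"])]


if __name__ == "__main__":
    report = triage(SAMPLE_CSAF, "CVE-2024-56629")
    print(f"{report['advisory']} v{report['version']} / {report['cve']}")
    for row in report["products"]:
        print(f"  {row['product_id']}  {row['status']}  impact={row['impact']!r}  {row['name']}")
    print("action needed for:", needs_action(report) or "nothing")
```

The status is kept as a list rather than a single value because a CSAF vulnerability may place one product ID in more than one bucket (for example `known_affected` together with `fixed` when versions are modelled separately); the `impact` field is vendor free text such as 'Misinformed' and is reported verbatim rather than interpreted, since only the product_status buckets have defined semantics.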
Official resources
- CVE-2024-56629 CVE record (CVE.org)
- CVE-2024-56629 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12