PatchSiren cyber security CVE debrief
CVE-2024-56644 Siemens CVE debrief
A memory leak vulnerability exists in the Linux kernel's IPv6 networking subsystem. Specifically, destination (dst) objects are leaked in the `ip6_negative_advice()` function when executed for an expired IPv6 route located in the exception table. This flaw can lead to resource exhaustion over time, potentially causing denial of service conditions on affected systems. The vulnerability has been resolved in the upstream Linux kernel. Siemens has identified this vulnerability as affecting multiple industrial networking products running SINEC OS, including RUGGEDCOM RST2428P and SCALANCE switch families.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 4.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens industrial networking infrastructure including RUGGEDCOM and SCALANCE product lines in manufacturing, energy, transportation, and critical infrastructure sectors. Security teams responsible for OT/ICS asset management and patch deployment should prioritize this update within standard maintenance windows given the medium severity and local attack vector constraints.
Technical summary
The vulnerability resides in `net/ipv6` where `ip6_negative_advice()` fails to release destination cache (dst) objects when processing expired IPv6 routes in the exception table. This results in a memory leak (CWE-401) that can accumulate over time. The local attack vector with high attack complexity and low privileges required limits exploitability, but availability impact is rated high. Affected Siemens products include RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, and SCALANCE XCM-/XRM-/XCH-/XRH-300 family running vulnerable SINEC OS versions. Remediation requires updating to SINEC OS V3.2 or later.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates to V3.2 or later for affected RUGGEDCOM and SCALANCE products per Siemens ProductCERT guidance
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT SSA-355557 for specific configuration guidance
- Monitor system resource utilization for signs of memory exhaustion on affected industrial networking equipment
- Implement network segmentation to limit exposure of affected industrial control systems
- Follow CISA ICS recommended practices for defense-in-depth strategies
Evidence notes
CVE published 2025-08-12 per official CVE record. Modified 2026-02-25. Source CISA CSAF advisory ICSA-25-226-07 published 2025-08-12, modified 2026-02-25. Siemens ProductCERT SSA-355557 referenced as authoritative vendor advisory. CVSS 3.1 vector AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H yields score 4.7 (MEDIUM). CWE-401 (Missing Release of Memory after Effective Lifetime) applies.
Official resources
-
CVE-2024-56644 CVE record
CVE.org
-
CVE-2024-56644 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12