PatchSiren cyber security CVE debrief
CVE-2024-56659 Siemens CVE debrief
A vulnerability in the Linux kernel's LAPB (Link Access Procedure, Balanced) networking code creates uncertainty about 802.1Q VLAN readiness, potentially causing system crashes. The issue affects Siemens industrial networking products running SINEC OS, specifically the RUGGEDCOM RST2428P and multiple SCALANCE switch families. Siemens has released firmware updates to address this vulnerability.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens industrial networking infrastructure, particularly in critical infrastructure and manufacturing environments using RUGGEDCOM or SCALANCE devices. Security teams responsible for OT/ICS network segmentation and availability. System administrators managing SINEC OS-based deployments.
Technical summary
The vulnerability exists in the Linux kernel's net/lapb implementation, where uncertainty about 802.1Q VLAN tag handling readiness may lead to system crashes. The LAPB (Link Access Procedure, Balanced) protocol is used in X.25 networks and certain industrial communication scenarios. When 802.1Q-tagged frames interact with the LAPB code path, improper handling may trigger crashes. This represents an availability-only impact with no confidentiality or integrity effects. The attack requires local access with low privileges, making exploitation dependent on prior system access.
Defensive priority
medium
Recommended defensive actions
- Update affected Siemens RUGGEDCOM RST2428P devices to firmware version V3.2 or later
- Update affected Siemens SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices to firmware version V3.2 or later
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance and update to V3.2 or later
- Apply defense-in-depth strategies for industrial control systems per CISA recommended practices
- Monitor network traffic for anomalous LAPB protocol behavior on affected devices
- Restrict physical and logical access to affected devices to authorized personnel only
Evidence notes
The vulnerability description indicates uncertainty about 802.1Q VLAN compatibility in the net/lapb code path, which may result in crashes. This is classified as CWE-20 (Improper Input Validation). The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates a local attack vector with low attack complexity, requiring low privileges, resulting in high availability impact. The vulnerability was published on 2025-08-12 and last modified on 2026-02-25. CISA republished this advisory based on Siemens ProductCERT SSA-355557.
Official resources
-
CVE-2024-56659 CVE record
CVE.org
-
CVE-2024-56659 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
public