PatchSiren cyber security CVE debrief
CVE-2024-56690 Siemens CVE debrief
A vulnerability in the Linux kernel's parallel crypto processing layer (pcrypt) affects Siemens industrial network devices running SINEC OS. When the padata_do_parallel() function returns -EBUSY, the crypto layer is not properly invoked, potentially causing cryptographic operations to fail or behave unpredictably. This local vulnerability requires low privileges to exploit and can result in high availability impact. The issue was disclosed in CISA advisory ICSA-25-226-07 on August 12, 2025, with subsequent updates through February 25, 2026 clarifying affected product configurations. Siemens has released firmware updates to address this vulnerability in affected RUGGEDCOM and SCALANCE product families.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500, or SCALANCE XCM-/XRM-/XCH-/XRH-300 industrial network devices; critical infrastructure operators using Siemens industrial Ethernet switches; security teams responsible for OT/ICS network security; asset owners following CISA ICS security advisories.
Technical summary
The vulnerability exists in the Linux kernel's pcrypt (parallel crypto) implementation. When padata_do_parallel() returns -EBUSY (indicating the parallel data processing system is busy), the code fails to properly fall back to direct crypto layer invocation. This can cause cryptographic operations to fail, leading to potential denial of service conditions. The issue is classified as CWE-20 (Improper Input Validation). The vulnerability requires local access with low privileges and has no confidentiality or integrity impact, but high availability impact. Affected Siemens products incorporate vulnerable Linux kernel versions in their SINEC OS firmware.
Defensive priority
medium
Recommended defensive actions
- Apply vendor firmware updates to V3.2 or later for affected RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance and available updates
- Implement network segmentation for industrial control systems to limit local access
- Follow CISA ICS recommended practices for defense-in-depth strategies
- Monitor Siemens ProductCERT security advisories for additional updates to affected product configurations
Evidence notes
CVE published 2025-08-12; modified 2026-02-25. CISA advisory ICSA-25-226-07 initially published 2025-08-12 with revision history showing updates on 2026-02-12 (corrected affected products), 2026-02-24 (clarified SCALANCE family configurations, removed rejected CVEs), and 2026-02-25 (CISA republication based on Siemens SSA-355557). CVSS 3.1 vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. Affected products: RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family.
Official resources
-
CVE-2024-56690 CVE record
CVE.org
-
CVE-2024-56690 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12