PatchSiren cyber security CVE debrief
CVE-2024-57874 Siemens CVE debrief
A vulnerability in the Linux kernel's arm64 ptrace implementation, specifically within the tagged_addr_ctrl_set() function, allows potential memory leakage from the kernel stack. The issue stems from an uninitialized variable that can expose up to 64 bits of memory when a zero-length SETREGSET call is made. Siemens has identified this vulnerability as affecting certain industrial networking products running SINEC OS, though the advisory marks the impact assessment as 'Misinformed' for the listed product IDs, suggesting potential clarification or correction in the scope of impact. The vulnerability was initially published on August 12, 2025, with subsequent modifications through February 25, 2026, including corrections to affected product listings and removal of rejected CVEs.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens industrial networking equipment including RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices running SINEC OS. Security teams managing OT/ICS environments with Linux-based embedded systems on arm64 architecture. Kernel developers and system administrators responsible for ptrace functionality on arm64 platforms.
Technical summary
The vulnerability exists in the Linux kernel's arm64 ptrace subsystem. The tagged_addr_ctrl_set() function fails to properly initialize a variable, which can lead to disclosure of up to 64 bits of kernel stack memory when processing a zero-length SETREGSET ptrace call. This represents an information disclosure weakness that could potentially aid further exploitation by revealing kernel memory contents. The vulnerability affects the confidentiality aspect of security without directly impacting integrity or availability. Siemens industrial networking products utilizing affected kernel versions in SINEC OS are identified in the advisory, though the impact classification has been marked as requiring clarification.
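The bug class described above, as an added user-space model in C (not kernel source and not taken from the advisory). All names are hypothetical, the `residue` parameter stands in for stale stack contents, and the 4-bit validity mask is constructed for the demo.

```c
#include <stdio.h>
#include <string.h>

/* User-space model only: every name below is hypothetical, not kernel API. */
struct task { long ctrl; };

/* Models a regset copy-in; with count == 0 nothing is written to dst. */
static int copyin(void *dst, size_t dst_size, const void *src, size_t count)
{
    if (count > dst_size)
        return -1;
    if (count) memcpy(dst, src, count);
    return 0;
}

/* Models the setter's validation; the 4-bit mask is constructed for this demo. */
static int set_ctrl(struct task *t, long ctrl)
{
    if (ctrl & ~0xFL)
        return -1;
    t->ctrl = ctrl;
    return 0;
}

/* Flawed pattern: `residue` models a temporary declared with no initializer. */
static int ctrl_set_flawed(struct task *t, long residue, const void *buf, size_t count)
{
    long ctrl = residue;
    if (copyin(&ctrl, sizeof ctrl, buf, count))
        return -1;
    return set_ctrl(t, ctrl);   /* count == 0: residue is consumed as input */
}

/* Hardened pattern: seed the temporary from the task's current value first. */
static int ctrl_set_hardened(struct task *t, const void *buf, size_t count)
{
    long ctrl = t->ctrl;
    if (copyin(&ctrl, sizeof ctrl, buf, count))
        return -1;
    return set_ctrl(t, ctrl);   /* count == 0: a no-op on the task's state */
}

int main(void)
{
    struct task a = { 1 }, b = { 1 };
    int r1 = ctrl_set_flawed(&a, 0x5, NULL, 0), r2 = ctrl_set_hardened(&b, NULL, 0);
    printf("flawed: ret=%d ctrl=%ld  hardened: ret=%d ctrl=%ld\n", r1, a.ctrl, r2, b.ctrl);
    return 0;
}
```

In the flawed variant the zero-length call either stores the residue as task state or is rejected depending on the residue's value, which is how stale memory becomes observable; the hardened variant returns success and leaves the state unchanged.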
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for current affected product status and patch availability
- Verify SINEC OS version and kernel patch level on deployed Siemens industrial networking equipment
- Apply kernel security updates from Siemens when available, prioritizing systems with ptrace-enabled debugging or development tools
- Monitor CISA ICS advisories for updates to ICSA-25-226-07
- Implement network segmentation for industrial control systems to limit exposure of potentially vulnerable devices
- Follow CISA ICS recommended practices for defense-in-depth strategies
Evidence notes
Source indicates impact marked as 'Misinformed' for product IDs CSAFPID-0006, CSAFPID-0002, and CSAFPID-0003. Advisory revision history shows multiple updates: initial publication (2025-08-12), corrected affected products (2026-02-12), clarified SCALANCE family configuration and removed rejected CVEs (2026-02-24), and final CISA republication based on Siemens ProductCERT SSA-355557 (2026-02-25).
Official resources
- CVE-2024-57874 CVE record (CVE.org)
- CVE-2024-57874 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference
2025-08-12