PatchSiren cyber security CVE debrief
CVE-2024-6197 Siemens CVE debrief
CVE-2024-6197 is a Siemens industrial product vulnerability tied to libcurl's ASN.1 UTF-8 parsing. A malformed ASN.1 field can make utf8asn1str() return an error after invoking free() on a 4-byte local stack buffer. On many systems that causes an immediate abort; on some allocator implementations it can corrupt nearby stack memory. The most likely outcome is a crash or service outage, but the advisory does not rule out more serious effects in special circumstances.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
OT/ICS operators using affected Siemens RUGGEDCOM or SCALANCE devices, asset owners running the impacted SINEC OS firmware, and security teams responsible for industrial network infrastructure, patch management, and uptime monitoring.
Technical summary
The CISA/Siemens advisory rates this issue CVSS 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). The flaw is an invalid free of stack-resident memory in libcurl's ASN.1 parser. Because the vulnerable path is reachable from malformed input, the practical risk is remote denial-of-service on affected Siemens devices, with allocator-dependent stack corruption also described in the source advisory.
Defensive priority
High. Prioritize remediation for any exposed or operationally critical Siemens devices because the issue is network-reachable and primarily impacts availability in industrial environments.
Recommended defensive actions
- Update affected Siemens products to V3.3 or later, following the vendor remediation guidance.
- Confirm the exact affected model and firmware scope against Siemens SSA-089022 and the CISA republication before scheduling changes.
- Inventory Siemens devices that may process untrusted ASN.1 or certificate-related input and identify any running vulnerable firmware.
- Restrict management access, segment OT networks, and minimize exposure of affected devices to untrusted networks until patched.
- Monitor for unexpected crashes, reboots, or service interruptions on affected devices after exposure to malformed traffic.
- Use maintenance windows and vendor-supported validation steps for product-specific exceptions or additional information notes.
Evidence notes
This debrief is based on the supplied CISA CSAF republication of Siemens advisory SSA-089022 and the linked official references. The source record shows PublishedAt 2026-01-28 and ModifiedAt 2026-02-25, with revision history updates on 2026-02-12 and 2026-02-24/25 that clarified affected product families and that only SINEC OS firmware is impacted. Remediation in the source corpus recommends updating to V3.3 or later for the affected product IDs.
Official resources
-
CVE-2024-6197 CVE record
CVE.org
-
CVE-2024-6197 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed on 2026-01-28 through CISA's CSAF republication of Siemens advisory SSA-089022, with subsequent republication updates through 2026-02-25.