PatchSiren cyber security CVE debrief
CVE-2025-21694 Siemens CVE debrief
CVE-2025-21694 is a soft lockup bug in the Linux kernel's fs/proc subsystem, in the __read_vmcore function that services reads of /proc/vmcore. Siemens has confirmed that industrial networking products running SINEC OS are affected. A local user with high privileges can trigger it to cause a denial of service (high availability impact); confidentiality and integrity are not affected.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P or SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500/XCM-/XRM-/XCH-/XRH-300 family industrial networking equipment in critical infrastructure environments, including utilities, transportation, and manufacturing sectors. Security teams responsible for OT/ICS asset management and patch deployment should prioritize assessment and remediation.
Technical summary
CVE-2025-21694 is a flaw in the Linux kernel's proc filesystem implementation, specifically in __read_vmcore, the read handler for /proc/vmcore. That file exposes the memory image of a crashed kernel to the kdump capture kernel, so it only exists while a capture kernel is running after a panic. Reading a large dump could keep a CPU in the read loop long enough for the kernel's watchdog to report a soft lockup, and in the memory-constrained kdump environment that can prevent the crash dump from being written; the upstream fix (the "part 2" follow-up to an earlier fix for the same function) makes the read loop yield to the scheduler with cond_resched(). The result is a denial of service with high availability impact. Exploitation requires local access with high privileges, since reading /proc/vmcore is a root-only operation, and there is no impact on confidentiality or integrity. Affected products include Siemens RUGGEDCOM RST2428P switches and multiple SCALANCE industrial Ethernet switch families running SINEC OS. Siemens has released firmware updates to address this vulnerability.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates to V3.2 or later for affected RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance and update instructions
- Implement network segmentation for industrial control systems to limit local access to affected devices
- Follow CISA ICS recommended practices for defense-in-depth strategies
- Monitor device logs for kernel soft lockup reports (the Linux watchdog logs them as "BUG: soft lockup - CPU#N stuck for Ns!", followed by a call trace) and for unexplained hangs or reboots that may indicate exploitation attempts; a trace through __read_vmcore is the signature specific to this CVE
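The monitoring step above can be automated against exported syslog or dmesg output. The following is an added example written for this debrief, not code from Siemens, CISA or the Linux kernel project. It assumes syslog-style lines as a device or collector would export them, picks out the watchdog's soft lockup header, attaches the call trace frames logged after it, and flags lockups whose trace passes through __read_vmcore. The hostname, PIDs and log lines are constructed for the example.

```python
"""Triage Linux kernel soft-lockup reports for the __read_vmcore signature.

Added example for this debrief; it is not code from Siemens, CISA, or the
kernel project. It reads syslog-style lines, picks out the kernel watchdog's
soft lockup message, attaches the call trace frames that follow, and flags
lockups whose trace contains __read_vmcore. The sample log is constructed.
"""
import re
from dataclasses import dataclass, field

# Watchdog header, e.g. "watchdog: BUG: soft lockup - CPU#1 stuck for 26s! [makedumpfile:412]".
SOFTLOCKUP_RE = re.compile(
    r"BUG: soft lockup - CPU#(?P<cpu>\d+) stuck for (?P<secs>\d+)s!"
    r" \[(?P<comm>[^\]]+):(?P<pid>\d+)\]"
)
# A backtrace frame, e.g. " __read_vmcore+0x1a4/0x2b0"; the symbol name is kept, offsets dropped.
FRAME_RE = re.compile(r"\b([A-Za-z_][A-Za-z0-9_.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

SUSPECT_SYMBOL = "__read_vmcore"


@dataclass
class Lockup:
    cpu: int
    seconds: int
    comm: str        # task name the watchdog blamed
    pid: int
    frames: list = field(default_factory=list)

    @property
    def in_vmcore_read(self) -> bool:
        # Heuristic: the bug lives in __read_vmcore, so a trace through it is the
        # strongest signal. Inlining or a stripped symbol table can hide it, and
        # /proc/vmcore only exists in a kdump capture kernel, so a lockup on a
        # normally running device most likely has another cause.
        return SUSPECT_SYMBOL in self.frames


def parse_lockups(lines):
    """Return one Lockup per watchdog header, carrying the frames logged after it."""
    events = []
    current = None
    for line in lines:
        m = SOFTLOCKUP_RE.search(line)
        if m:
            current = Lockup(int(m["cpu"]), int(m["secs"]), m["comm"], int(m["pid"]))
            events.append(current)
            continue
        if current is None:
            continue
        fm = FRAME_RE.search(line)
        if fm:
            current.frames.append(fm.group(1))
    return events


def triage(lines):
    """Summary counts for deciding whether a lockup warrants a CVE-2025-21694 follow-up."""
    events = parse_lockups(lines)
    suspect = [e for e in events if e.in_vmcore_read]
    return {
        "soft_lockups": len(events),
        "in___read_vmcore": len(suspect),
        "suspect_tasks": [(e.comm, e.pid, e.cpu, e.seconds) for e in suspect],
    }


# Constructed sample, not a capture from a real device: one lockup inside the
# vmcore read path and one unrelated lockup in a kernel worker thread.
SAMPLE_LOG = """\
Aug 12 10:01:03 switch01 kernel: [  521.004512] watchdog: BUG: soft lockup - CPU#1 stuck for 26s! [makedumpfile:412]
Aug 12 10:01:03 switch01 kernel: [  521.004530] CPU: 1 PID: 412 Comm: makedumpfile Not tainted 6.6.0 #1
Aug 12 10:01:03 switch01 kernel: [  521.004541] Call Trace:
Aug 12 10:01:03 switch01 kernel: [  521.004552]  __read_vmcore+0x1a4/0x2b0
Aug 12 10:01:03 switch01 kernel: [  521.004560]  read_vmcore+0x2c/0x40
Aug 12 10:01:03 switch01 kernel: [  521.004568]  proc_reg_read_iter+0x5c/0x90
Aug 12 10:01:03 switch01 kernel: [  521.004575]  vfs_read+0x1f8/0x2a0
Aug 12 10:02:44 switch01 kernel: [  622.118830] watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [kworker/0:2:88]
Aug 12 10:02:44 switch01 kernel: [  622.118850] Call Trace:
Aug 12 10:02:44 switch01 kernel: [  622.118861]  process_one_work+0x1c4/0x3e0
Aug 12 10:02:44 switch01 kernel: [  622.118870]  worker_thread+0x4c/0x380
Aug 12 10:03:10 switch01 sshd[1033]: Accepted publickey for admin from 10.0.5.7 port 51012
"""


if __name__ == "__main__":
    for ev in parse_lockups(SAMPLE_LOG.splitlines()):
        tag = "SUSPECT" if ev.in_vmcore_read else "other"
        print(f"{tag}: CPU#{ev.cpu} stuck {ev.seconds}s in {ev.comm}[{ev.pid}] frames={ev.frames}")
    print(triage(SAMPLE_LOG.splitlines()))
```

Run it against a saved log export instead of SAMPLE_LOG by passing the file's lines to triage(). Any lockup on an affected device is worth a ticket; a trace through __read_vmcore on a device still below V3.2 is the case to escalate, and the task name in the header (here makedumpfile, the usual reader of /proc/vmcore) tells you whether the read came from the platform's own crash handling or from an interactive privileged session.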
Evidence notes
CISA published advisory ICSA-25-226-07 on August 12, 2025, identifying this CVE as affecting Siemens RUGGEDCOM and SCALANCE product families. The advisory was subsequently updated on February 25, 2026, to reflect corrections to the affected product list and clarifications on product configurations. Siemens ProductCERT issued advisory SSA-355557 providing vendor remediation guidance.
Official resources
- CVE-2025-21694 CVE record (CVE.org): https://www.cve.org/CVERecord?id=CVE-2025-21694
- CVE-2025-21694 NVD detail (NVD): https://nvd.nist.gov/vuln/detail/CVE-2025-21694
- Source item: CISA CSAF advisory ICSA-25-226-07
- Vendor advisory: Siemens ProductCERT SSA-355557