Siemens SINEC OS

Act NowCVSS 9.8ICS-CERT ICSA-25-226-15Aug 12, 2025

Siemens

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

SINEC OS in Siemens RUGGEDCOM RST2428P and SCALANCE XCM/XRM/XCH/XRH-300 devices before version 3.1 contains multiple vulnerabilities in third-party components including memory safety flaws (null pointer dereferences, buffer overflows, use-after-free), improper input validation, and missing authentication checks. These vulnerabilities allow unauthenticated remote attackers to execute arbitrary code on the devices with CVSS 9.8 critical severity.

What this means

What could happen

An attacker can remotely execute arbitrary code on RUGGEDCOM and SCALANCE network devices running SINEC OS before version 3.1, potentially disrupting communications, alter network configuration, or disable critical plant connectivity without authentication.

Who's at risk

Water authorities, electric utilities, and other critical infrastructure operators using Siemens RUGGEDCOM RST2428P switches (model 6GK6242-6PA00) or SCALANCE XCM, XRM, XCH, or XRH series 300 industrial managed switches for network communication and redundancy. These devices typically interconnect PLCs, RTUs, HMIs, and field equipment in water treatment, power distribution, and industrial automation systems.

How it could be exploited

An attacker on a network with access to an affected device can send crafted network requests to exploit multiple third-party component vulnerabilities in SINEC OS. No authentication is required, and the attack complexity is low due to the lack of input validation and memory safety flaws.

Prerequisites

Network access to the affected device
Device running SINEC OS version prior to 3.1
No authentication required

remotely exploitableno authentication requiredlow complexityactively exploited (KEV)high EPSS score (86.1%)affects network infrastructure critical to operations

Exploitability

Actively exploited — confirmed by CISA KEV

Public Proof-of-Concept (PoC) on GitHub (10 repositories)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

RUGGEDCOM RST2428P (6GK6242-6PA00)< 3.13.1

SCALANCE XCM-/XRM-/XCH-/XRH-300 family< 3.13.1

Remediation & Mitigation

0/5

Do now

0/4

RUGGEDCOM RST2428P (6GK6242-6PA00)

HOTFIXUpdate RUGGEDCOM RST2428P (6GK6242-6PA00) to firmware version 3.1 or later

SCALANCE XCM-/XRM-/XCH-/XRH-300 family

HOTFIXUpdate SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices to firmware version 3.1 or later

All products

WORKAROUNDRestrict network access to affected RUGGEDCOM and SCALANCE devices using firewall rules—allow only traffic from authorized management and engineering workstations

HARDENINGImplement network segmentation to isolate RUGGEDCOM and SCALANCE devices from business networks and the internet

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGIf remote management of these devices is required, require use of a VPN to access them

CVEs (381)

CVE-2024-6232 CVE-2024-2511 CVE-2024-5535 CVE-2023-5678 CVE-2021-44879 CVE-2022-48655 CVE-2022-48772 CVE-2022-48935 CVE-2023-3567 CVE-2023-5178 CVE-2023-5717 CVE-2023-6040 CVE-2023-6121 CVE-2023-6606 CVE-2023-6931 CVE-2023-6932 CVE-2023-35827 CVE-2023-39198 CVE-2023-45863 CVE-2023-46343 CVE-2023-51779 CVE-2023-51780 CVE-2023-51781 CVE-2023-51782 CVE-2023-52340 CVE-2023-52433 CVE-2023-52435 CVE-2023-52475 CVE-2023-52477 CVE-2023-52478 CVE-2023-52486 CVE-2023-52502 CVE-2023-52504 CVE-2023-52507 CVE-2023-52509 CVE-2023-52510 CVE-2023-52581 CVE-2023-52583 CVE-2023-52587 CVE-2023-52594 CVE-2023-52595 CVE-2023-52597 CVE-2023-52598 CVE-2023-52599 CVE-2023-52600 CVE-2023-52601 CVE-2023-52602 CVE-2023-52603 CVE-2023-52604 CVE-2023-52606 CVE-2023-52607 CVE-2023-52615 CVE-2023-52617 CVE-2023-52619 CVE-2023-52622 CVE-2023-52623 CVE-2023-52637 CVE-2023-52654 CVE-2023-52655 CVE-2023-52670 CVE-2023-52753 CVE-2023-52764 CVE-2023-52774 CVE-2023-52784 CVE-2023-52789 CVE-2023-52791 CVE-2023-52796 CVE-2023-52799 CVE-2023-52804 CVE-2023-52805 CVE-2023-52806 CVE-2023-52809 CVE-2023-52810 CVE-2023-52813 CVE-2023-52817 CVE-2023-52818 CVE-2023-52819 CVE-2023-52832 CVE-2023-52835 CVE-2023-52836 CVE-2023-52838 CVE-2023-52840 CVE-2023-52843 CVE-2023-52845 CVE-2023-52847 CVE-2023-52853 CVE-2023-52855 CVE-2023-52858 CVE-2023-52864 CVE-2023-52865 CVE-2023-52867 CVE-2023-52868 CVE-2023-52871 CVE-2023-52873 CVE-2023-52875 CVE-2023-52876 CVE-2023-52879 CVE-2023-52881 CVE-2023-52882 CVE-2023-52887 CVE-2023-52918 CVE-2023-52919 CVE-2024-0193 CVE-2024-0584 CVE-2024-0646 CVE-2024-0841 CVE-2024-1086 CVE-2024-4603 CVE-2024-4741 CVE-2024-6119 CVE-2024-25741 CVE-2024-26581 CVE-2024-26593 CVE-2024-26598 CVE-2024-26600 CVE-2024-26602 CVE-2024-26606 CVE-2024-26615 CVE-2024-26625 CVE-2024-26635 CVE-2024-26636 CVE-2024-26645 CVE-2024-26663 CVE-2024-26664 CVE-2024-26671 CVE-2024-26673 CVE-2024-26675 CVE-2024-26679 CVE-2024-26684 CVE-2024-26685 CVE-2024-26688 CVE-2024-26696 CVE-2024-26697 CVE-2024-26702 CVE-2024-26704 CVE-2024-26720 CVE-2024-26722 CVE-2024-26735 CVE-2024-26736 CVE-2024-26748 CVE-2024-26749 CVE-2024-26751 CVE-2024-26752 CVE-2024-26754 CVE-2024-26763 CVE-2024-26764 CVE-2024-26766 CVE-2024-26772 CVE-2024-26773 CVE-2024-26777 CVE-2024-26778 CVE-2024-26779 CVE-2024-26788 CVE-2024-26790 CVE-2024-26791 CVE-2024-26793 CVE-2024-26801 CVE-2024-26804 CVE-2024-26805 CVE-2024-26825 CVE-2024-26835 CVE-2024-26839 CVE-2024-26840 CVE-2024-26845 CVE-2024-26900 CVE-2024-26910 CVE-2024-26923 CVE-2024-26924 CVE-2024-26926 CVE-2024-26988 CVE-2024-26993 CVE-2024-26994 CVE-2024-26997 CVE-2024-26999 CVE-2024-27000 CVE-2024-27001 CVE-2024-27004 CVE-2024-27013 CVE-2024-27019 CVE-2024-27020 CVE-2024-27395 CVE-2024-27396 CVE-2024-27405 CVE-2024-27410 CVE-2024-27412 CVE-2024-27413 CVE-2024-27414 CVE-2024-27416 CVE-2024-27417 CVE-2024-31076 CVE-2024-33621 CVE-2024-34397 CVE-2024-35247 CVE-2024-35833 CVE-2024-35835 CVE-2024-35847 CVE-2024-35848 CVE-2024-35852 CVE-2024-35853 CVE-2024-35854 CVE-2024-35855 CVE-2024-35947 CVE-2024-35955 CVE-2024-35958 CVE-2024-35960 CVE-2024-35962 CVE-2024-35969 CVE-2024-35973 CVE-2024-35976 CVE-2024-35983 CVE-2024-35984 CVE-2024-35990 CVE-2024-35996 CVE-2024-36005 CVE-2024-36006 CVE-2024-36007 CVE-2024-36008 CVE-2024-36015 CVE-2024-36016 CVE-2024-36017 CVE-2024-36031 CVE-2024-36270 CVE-2024-36286 CVE-2024-36288 CVE-2024-36484 CVE-2024-36489 CVE-2024-36883 CVE-2024-36886 CVE-2024-36889 CVE-2024-36901 CVE-2024-36902 CVE-2024-36904 CVE-2024-36905 CVE-2024-36916 CVE-2024-36929 CVE-2024-36933 CVE-2024-36934 CVE-2024-36938 CVE-2024-36940 CVE-2024-36946 CVE-2024-36954 CVE-2024-36957 CVE-2024-36959 CVE-2024-36964 CVE-2024-36971 CVE-2024-36974 CVE-2024-36978 CVE-2024-37356 CVE-2024-38381 CVE-2024-38555 CVE-2024-38558 CVE-2024-38578 CVE-2024-38579 CVE-2024-38586 CVE-2024-38587 CVE-2024-38589 CVE-2024-38590 CVE-2024-38596 CVE-2024-38597 CVE-2024-38598 CVE-2024-38601 CVE-2024-38612 CVE-2024-38615 CVE-2024-38619 CVE-2024-38627 CVE-2024-38633 CVE-2024-38634 CVE-2024-38637 CVE-2024-38659 CVE-2024-38662 CVE-2024-38780 CVE-2024-39276 CVE-2024-39292 CVE-2024-39301 CVE-2024-39468 CVE-2024-39475 CVE-2024-39476 CVE-2024-39480 CVE-2024-39482 CVE-2024-39487 CVE-2024-39489 CVE-2024-39493 CVE-2024-39495 CVE-2024-39499 CVE-2024-39502 CVE-2024-39503 CVE-2024-39506 CVE-2024-40904 CVE-2024-40905 CVE-2024-40931 CVE-2024-40945 CVE-2024-40947 CVE-2024-40958 CVE-2024-40959 CVE-2024-40960 CVE-2024-40961 CVE-2024-40980 CVE-2024-40983 CVE-2024-40984 CVE-2024-40990 CVE-2024-40995 CVE-2024-41000 CVE-2024-41004 CVE-2024-41005 CVE-2024-41006 CVE-2024-41007 CVE-2024-41009 CVE-2024-41012 CVE-2024-41020 CVE-2024-41035 CVE-2024-41040 CVE-2024-41041 CVE-2024-41044 CVE-2024-41046 CVE-2024-41049 CVE-2024-41055 CVE-2024-41077 CVE-2024-41081 CVE-2024-41087 CVE-2024-41090 CVE-2024-41091 CVE-2024-41097 CVE-2024-42070 CVE-2024-42076 CVE-2024-42082 CVE-2024-42084 CVE-2024-42086 CVE-2024-42089 CVE-2024-42092 CVE-2024-42093 CVE-2024-42094 CVE-2024-42095 CVE-2024-42102 CVE-2024-42106 CVE-2024-42131 CVE-2024-42145 CVE-2024-42148 CVE-2024-42152 CVE-2024-42153 CVE-2024-42154 CVE-2024-42161 CVE-2024-42223 CVE-2024-42229 CVE-2024-42232 CVE-2024-42236 CVE-2024-42244 CVE-2024-42247 CVE-2024-43861 CVE-2024-43871 CVE-2024-43880 CVE-2024-43882 CVE-2024-43883 CVE-2024-43889 CVE-2024-43890 CVE-2024-43893 CVE-2024-44935 CVE-2024-44944 CVE-2024-44949 CVE-2024-44960 CVE-2024-44971 CVE-2024-44987 CVE-2024-44989 CVE-2024-44990 CVE-2024-44995 CVE-2024-44998 CVE-2024-44999 CVE-2024-45003 CVE-2024-45006 CVE-2024-45008 CVE-2024-45021 CVE-2024-45025 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-46674 CVE-2024-46675 CVE-2024-46676 CVE-2024-46677 CVE-2024-46679 CVE-2024-46685 CVE-2024-46689

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/a80f2ebf-dd19-40cf-a33f-52748e6af87a

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.