Siemens SINEC OS
Act Now10ICS-CERT ICSA-26-043-06Jan 28, 2026
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
SINEC OS versions before 3.3 contain multiple vulnerabilities in third-party components (CWE-787, CWE-415, CWE-20, buffer overflows, use-after-free, out-of-bounds access, and improper input validation). These flaws allow remote code execution without authentication or user interaction. Affected devices include RUGGEDCOM RST2428P and multiple SCALANCE XC/XR/XCH/XCM/XRH/XRM series switches used in industrial networks for redundancy and hardened ethernet connectivity.
What this means
What could happen
An attacker with network access can execute arbitrary code on SINEC OS-based devices (switches and routers), potentially gaining control of critical network infrastructure and disrupting communication between industrial control systems and field devices.
Who's at risk
Water authorities and utilities using Siemens RUGGEDCOM and SCALANCE industrial ethernet switches and routers in their control networks. This includes any operator running process networks that rely on these devices for connectivity between RTUs, PLCs, HMIs, and remote telemetry systems.
How it could be exploited
An attacker on the network can send a crafted packet to the SINEC OS device without authentication. The vulnerability exists in third-party components embedded in the operating system, allowing buffer overflow or other memory corruption attacks that lead to remote code execution. Once code execution is achieved, the attacker can modify device configuration, intercept traffic, or disrupt network availability.
Prerequisites
- Network access to the affected SINEC OS device (typically on industrial network)
- No authentication required
- No special user interaction required
Remotely exploitableNo authentication requiredLow complexityActively exploited (KEV)High EPSS score (50.3%)Affects network infrastructure critical to operations
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (16)
16 with fix
ProductAffected VersionsFix Status
RUGGEDCOM RST2428P (6GK6242-6PA00)< 3.33.3
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family< 3.33.3
SCALANCE XCH328< 3.33.3
SCALANCE XCM324< 3.33.3
SCALANCE XCM328< 3.33.3
Remediation & Mitigation
0/3
Do now
0/2HOTFIXUpdate SINEC OS to version 3.3 or later on all affected RUGGEDCOM and SCALANCE devices
HARDENINGImplement network segmentation to restrict access to SINEC OS devices only from trusted engineering workstations and control systems that require communication with these switches/routers
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HARDENINGMonitor network traffic to and from SINEC OS devices for signs of exploitation attempts
CVEs (51)
CVE-2022-48174CVE-2023-7256CVE-2023-39810CVE-2023-42363CVE-2023-42364CVE-2023-42365CVE-2023-42366CVE-2024-6197CVE-2024-6874CVE-2024-7264CVE-2024-8006CVE-2024-8096CVE-2024-9681CVE-2024-11053CVE-2024-12718CVE-2024-41996CVE-2024-47619CVE-2024-52533CVE-2025-0167CVE-2025-0665CVE-2025-0725CVE-2025-1390CVE-2025-3360CVE-2025-4138CVE-2025-4330CVE-2025-4373CVE-2025-4435CVE-2025-4516CVE-2025-4517CVE-2025-6141CVE-2025-9086CVE-2025-9230CVE-2025-9231CVE-2025-9232CVE-2025-10148CVE-2025-27587CVE-2025-32433CVE-2025-38084CVE-2025-38085CVE-2025-38086CVE-2025-38345CVE-2025-38350CVE-2025-38498CVE-2025-39839CVE-2025-39841CVE-2025-39846CVE-2025-39853CVE-2025-39860CVE-2025-39864CVE-2025-39865CVE-2025-59375
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/7d1fadf8-c1bb-42f7-8161-91f245c0e934