ID

VAR-202407-1776


CVE

CVE-2024-40971


TITLE

Multiple vulnerabilities exist in third-party components of SIEMENS SINEC OS V3.2 and earlier

Trust: 0.6

sources: CNVD: CNVD-2025-19350

DESCRIPTION

In the Linux kernel, the following vulnerability has been resolved: f2fs: remove clear SB_INLINECRYPT flag in default_options In f2fs_remount, SB_INLINECRYPT flag will be clear and re-set. If create new file or open file during this gap, these files will not use inlinecrypt. Worse case, it may lead to data corruption if wrappedkey_v0 is enable. Thread A: Thread B: -f2fs_remount -f2fs_file_open or f2fs_new_inode -default_options <- clear SB_INLINECRYPT flag -fscrypt_select_encryption_impl -parse_options <- set SB_INLINECRYPT again. The RUGGEDCOM RST2428P is a Layer 2 Ethernet switch based on SINEC OS with up to 28 non-blocking interfaces. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) and human-machine interfaces (HMIs). Multiple vulnerabilities exist in third-party components prior to SIEMENS SINEC OS V3.2. These vulnerabilities could be exploited to corrupt values, leading to undefined behavior or security issues

Trust: 1.44

sources: NVD: CVE-2024-40971 // CNVD: CNVD-2025-19350

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-19350

AFFECTED PRODUCTS

vendor:linuxmodel:kernelscope:gteversion:5.11

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:6.6.36

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.10.221

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:3.8

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:6.2

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.16

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:6.9.7

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.15.162

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:6.7

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:6.1.96

Trust: 1.0

vendor:siemensmodel:ruggedcom rst2428pscope:ltversion:v3.2

Trust: 0.6

vendor:siemensmodel:scalance xc-300/xr-300/xc-400/xr-500wg/xr-500 familyscope:ltversion:v3.2

Trust: 0.6

vendor:siemensmodel:scalance xcm-/xrm-/xch-/xrh-300 familyscope:ltversion:v3.2

Trust: 0.6

sources: CNVD: CNVD-2025-19350 // NVD: CVE-2024-40971

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-40971
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2025-19350
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-19350
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-40971
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-19350 // NVD: CVE-2024-40971

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2024-40971

PATCH

title:Patch for Multiple vulnerabilities exist in third-party components of SIEMENS SINEC OS V3.2 and earlierurl:https://www.cnvd.org.cn/patchInfo/show/723061

Trust: 0.6

sources: CNVD: CNVD-2025-19350

EXTERNAL IDS

db:SIEMENSid:SSA-355557

Trust: 1.6

db:SIEMENSid:SSA-265688

Trust: 1.0

db:NVDid:CVE-2024-40971

Trust: 1.0

db:CNVDid:CNVD-2025-19350

Trust: 0.6

sources: CNVD: CNVD-2025-19350 // NVD: CVE-2024-40971

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-355557.html

Trust: 1.6

url:https://git.kernel.org/stable/c/724429db09e21ee153fef35e34342279d33df6ae

Trust: 1.0

url:https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Trust: 1.0

url:https://git.kernel.org/stable/c/ac5eecf481c29942eb9a862e758c0c8b68090c33

Trust: 1.0

url:https://git.kernel.org/stable/c/a9cea0489c562c97cd56bb345e78939f9909e7f4

Trust: 1.0

url:https://cert-portal.siemens.com/productcert/html/ssa-265688.html

Trust: 1.0

url:https://git.kernel.org/stable/c/eddeb8d941d5be11a9da5637dbe81ac37e8449a2

Trust: 1.0

url:https://git.kernel.org/stable/c/ae39c8ec4250d2a35ddaab1c40faacfec306ff66

Trust: 1.0

url:https://git.kernel.org/stable/c/38a82c8d00638bb642bef787eb1d5e0e4d3b7d71

Trust: 1.0

sources: CNVD: CNVD-2025-19350 // NVD: CVE-2024-40971

SOURCES

db:CNVDid:CNVD-2025-19350
db:NVDid:CVE-2024-40971

LAST UPDATE DATE

2026-06-18T19:39:49.343000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-19350date:2025-08-22T00:00:00
db:NVDid:CVE-2024-40971date:2026-05-12T12:17:01.213

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-19350date:2025-08-12T00:00:00
db:NVDid:CVE-2024-40971date:2024-07-12T13:15:18.750