Executive Summary

CVE-2025-66035 covers multiple memory safety defects in Siemens SINEC OS versions below V4.0, including improper memory buffer bounds handling, improper resource shutdown or release, and integer overflow, carrying a vendor CVSS of 9.8. On the RUGGEDCOM RST2428P (6GK6242-6PA00), a switch hardened for substation and outdoor field cabinets, these defects can be reached over the network to corrupt memory or exhaust device resources, degrading or dropping the Layer 2 fabric that carries protection and control traffic.

Technical Exposure Breakdown

The vulnerable component is the SINEC OS network stack and service layer running on the RST2428P prior to V4.0. Three defect classes are combined under this CVE. First, improper restriction of operations within the bounds of a memory buffer, a classic out of bounds read or write that can lead to memory corruption. Second, improper resource shutdown or release, where sockets, handles, or memory allocations are not freed, driving the device toward resource starvation. Third, integer overflow or wraparound, which typically manifests when a length or counter field is attacker controlled and wraps to a small value, undersizing an allocation and feeding directly back into the buffer overflow condition.

The 9.8 rating signals a network attack vector, low attack complexity, no privileges required, and no user interaction, with impact to confidentiality, integrity, and availability. In plain terms, an unauthenticated adversary with reachability to a management or in band service port can trigger these conditions. The realistic outcomes are a denial of service against the switch itself and, with sufficient control of the overflow, potential code execution on the device. The RST2428P is a fanless field switch. It is frequently deployed in ring or redundant topologies exactly because it sits at points where a single failure has downstream consequences.

OT Impact and Compliance Risk

This is not an endpoint. It is transport. When a RUGGEDCOM switch stops forwarding, GOOSE and sampled value traffic, SCADA polling, and PTP or IRIG time distribution stop with it. In an IEC 61850 substation, loss of the switching fabric can blind relays to peer status and interrupt breaker interlock signaling. Resource exhaustion is arguably worse than a clean crash because the device can enter a degraded state where some traffic passes and some does not, which is far harder for operators to diagnose than a hard failure.

For NERC CIP entities, an internet reachable or loosely segmented RST2428P at a medium or high impact BES Cyber System pulls in CIP-007 patch management timelines and CIP-010 configuration change tracking. Under IEC 62443, this defect maps to failures in resource availability and communication integrity requirements at the component level. Water and wastewater operators subject to AWIA 2018 should treat any control network switch of this class as an in scope asset in their risk and resilience assessments. Pipeline operators under TSA SD-02C should confirm this device sits inside a defined security zone with enforced access control boundaries.

Compensating Controls

Do not begin with active vulnerability scanning of these switches. Aggressive probing of the very network stack that is defective can trigger the exact resource exhaustion or memory corruption you are trying to avoid, and can knock a production switch offline. Enumerate affected units from configuration inventories and passive network monitoring instead.

Where an update cannot be scheduled immediately, tight segmentation and management plane isolation materially reduce the reachable attack surface, but they do not remove the defect.

BreachSpider Intel

BreachSpider tracks CVE-2025-66035 and the RUGGEDCOM SINEC OS advisory set across affected firmware ranges, correlating exposure against your asset inventory for continuous monitoring.