PatchSiren

CVE-2024-12243 Siemens CVE debrief

CVE-2024-12243 is a denial-of-service issue tracked in Siemens' SIMATIC S7-1500 CPU family advisory. The flaw is described as inefficient ASN.1/DER certificate processing in the GnuTLS/libtasn1 path, which can consume excessive resources when handling specially crafted certificate data. Siemens and CISA identify the affected SIMATIC S7-1500 CPU variants, and the advisory states that no fix was available, so exposure management and source-trust controls are the practical near-term defenses.

Vendor: Siemens
Product: SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
CVSS: MEDIUM 5.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-06-10
Original CVE updated: 2026-05-14
Advisory published: 2025-06-10
Advisory updated: 2026-05-14

Who should care

Operators and maintainers of the affected Siemens SIMATIC S7-1500 CPU variants, especially environments using the additional GNU/Linux subsystem or applications that process untrusted certificates. OT teams that rely on these controllers for availability should treat this as a service-impacting issue.

Technical summary

The advisory links CVE-2024-12243 to GnuTLS reliance on libtasn1 for ASN.1 data processing. An inefficient algorithm can make decoding certain DER-encoded certificate data take excessive time, increasing resource consumption and potentially making the system slow or unresponsive. The CVSS vector supplied by the advisory describes a network-reachable issue that requires no privileges or user interaction and has low availability impact (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CISA's CSAF entry lists five affected Siemens product IDs and states that no fix is currently available.

Defensive priority

High for availability-sensitive OT deployments. While the CVSS score is medium, the practical risk is controller slowdown or unresponsiveness on affected product variants, which can disrupt operations even without direct confidentiality or integrity impact.

Recommended defensive actions

  • Identify whether any listed SIMATIC S7-1500 CPU variants are deployed in your environment.
  • Restrict access to the interactive shell of the additional GNU/Linux subsystem to trusted personnel only, as recommended in the advisory.
  • Only build and run applications from trusted sources on affected systems.
  • Monitor for unusually high CPU or resource consumption around certificate handling or TLS-related activity.
  • Track Siemens ProductCERT / CISA updates for the availability of a corrective fix and plan remediation when one is released.
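The first and last actions above can be automated against the CSAF file itself. The sketch below is an added example, not code from Siemens, CISA or this site: it matches an asset inventory against the advisory's affected products and reports whether a `vendor_fix` remediation has appeared yet. It assumes the feed carries order numbers in `product_identification_helper.model_numbers`; the `CSAFPID-0001` identifier, the inventory and the function names are made up for illustration.

```python
import json

# Constructed, trimmed CSAF 2.0 document (only the fields this check reads). The order
# number is the one on this page; product_id values and the inventory are made up.
SAMPLE_CSAF = json.loads("""
{"product_tree": {"branches": [{"category": "vendor", "name": "Siemens", "branches": [
  {"category": "product_name", "name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
   "product": {"product_id": "CSAFPID-0001",
               "name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)",
               "product_identification_helper": {"model_numbers": ["6ES7518-4AX00-1AB0"]}}}]}]},
 "vulnerabilities": [{
   "cve": "CVE-2024-12243",
   "product_status": {"known_affected": ["CSAFPID-0001"]},
   "remediations": [{"category": "none_available", "product_ids": ["CSAFPID-0001"]}]}]}
""")

def products_by_id(branches):
    """Walk the nested product_tree branches and map product_id -> set of model numbers."""
    found = {}
    for branch in branches:
        product = branch.get("product")
        if product:
            helper = product.get("product_identification_helper", {})
            found[product["product_id"]] = set(helper.get("model_numbers", []))
        found.update(products_by_id(branch.get("branches", [])))
    return found

def exposure(csaf, cve, inventory):
    """Return {asset: has_vendor_fix} for inventory assets the advisory lists as affected."""
    models = products_by_id(csaf["product_tree"].get("branches", []))
    result = {}
    for vuln in csaf["vulnerabilities"]:
        if vuln.get("cve") != cve:
            continue
        affected = set(vuln.get("product_status", {}).get("known_affected", []))
        fixed = {pid for r in vuln.get("remediations", [])
                 if r["category"] == "vendor_fix" for pid in r.get("product_ids", [])}
        for pid in affected:
            for asset, order_no in inventory.items():
                if order_no in models.get(pid, set()):
                    result[asset] = pid in fixed
    return result

# Constructed asset inventory: asset name -> order number read from the device label.
INVENTORY = {"plc-line-3": "6ES7518-4AX00-1AB0", "plc-line-7": "ORDER-NO-NOT-IN-ADVISORY"}

if __name__ == "__main__":
    for asset, has_fix in exposure(SAMPLE_CSAF, "CVE-2024-12243", INVENTORY).items():
        print(asset, "fix available" if has_fix else "no fix yet: keep mitigations in place")
```

Re-running the check against each republished CSAF revision shows when an affected asset moves from `none_available` to `vendor_fix`.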

Evidence notes

This debrief is based on the CISA CSAF advisory ICSA-25-162-05 (published 2025-06-10, latest republication update 2026-05-14), Siemens ProductCERT advisory SSA-082556, and the CVE record references supplied in the corpus. The advisory explicitly says no fix is currently available and provides mitigation guidance for the affected SIMATIC S7-1500 CPU product variants. No KEV listing was provided in the source corpus.

Official resources

Publicly disclosed in the CISA CSAF advisory on 2025-06-10, with the latest CISA republication update reflected on 2026-05-14. No KEV date was provided in the source corpus.