PatchSiren cyber security CVE debrief
CVE-2024-26884 Siemens CVE debrief
CVE-2024-26884 is a medium-severity vulnerability in the Linux kernel's BPF (Berkeley Packet Filter) hashtab implementation, specifically affecting 32-bit architectures. The flaw involves an incorrect overflow check that could lead to denial of service conditions. Siemens has identified this vulnerability as affecting the GNU/Linux subsystem of their SIMATIC S7-1500 TM MFP industrial control product. The vulnerability was published on April 9, 2024, and the advisory has been updated multiple times through September 2025 to include additional related CVEs. No patch is currently available from Siemens; mitigation relies on access controls and trusted application practices.
- Vendor: Siemens
- Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations operating Siemens SIMATIC S7-1500 TM MFP systems with the GNU/Linux subsystem enabled, particularly those in industrial and manufacturing environments where high availability is critical. Security teams responsible for OT/ICS infrastructure should prioritize access controls until a patch becomes available.
Technical summary
The vulnerability exists in the BPF (Berkeley Packet Filter) subsystem's hashtab implementation on 32-bit architectures. An incorrect overflow check could be exploited to cause denial of service. The attack requires local access with low privileges and no user interaction. The vulnerability does not impact confidentiality or integrity, but can result in high availability impact.
Defensive priority
medium
Recommended defensive actions
- Restrict interactive shell access to the GNU/Linux subsystem to trusted personnel only
- Build and run applications exclusively from trusted sources
- Monitor for future Siemens security advisories for patch availability
- Apply defense-in-depth strategies per ICS-CERT recommended practices
- Review and implement CISA ICS recommended practices for industrial control systems
Evidence notes
The vulnerability description and affected product information are sourced from CISA CSAF advisory ICSA-24-102-01. The CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H confirms a local attack vector with low attack complexity and low privileges required, resulting in high availability impact. The remediation status of 'no fix available' and the mitigation guidance are taken directly from the source advisory.
Official resources
- CVE-2024-26884 CVE record (CVE.org)
- CVE-2024-26884 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference