PatchSiren cyber security CVE debrief
CVE-2024-26907 Siemens CVE debrief
This CVE addresses a FORTIFY_SOURCE warning in the Linux RDMA/mlx5 kernel driver related to Ethernet segment access. The vulnerability affects the GNU/Linux subsystem within Siemens SIMATIC S7-1500 TM MFP industrial control systems. The issue was originally published in the Linux kernel context and subsequently incorporated into Siemens' security advisory tracking for affected OT products. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates a local attack vector requiring low privileges, with high availability impact but no confidentiality or integrity impact. The advisory notes that no fix is currently available and emphasizes mitigation through access controls and running only applications from trusted sources on the GNU/Linux subsystem.
- Vendor: Siemens
- Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Industrial control system operators using Siemens SIMATIC S7-1500 TM MFP with the GNU/Linux subsystem enabled; OT security teams managing RDMA-capable networks; asset owners requiring defense-in-depth strategies for unpatched embedded Linux components
Technical summary
The vulnerability exists in the RDMA/mlx5 driver's handling of Ethernet segment access, where FORTIFY_SOURCE bounds checks identified an unsafe memory operation. In the context of Siemens SIMATIC S7-1500 TM MFP, this affects the embedded GNU/Linux subsystem used for extended functionality. The local attack vector requires authenticated low-privilege access to the subsystem. Successful exploitation results in denial of service (high availability impact) without affecting data confidentiality or integrity. Because no patch is available, mitigation relies on operational controls: restricting access to the subsystem and ensuring supply chain integrity for applications that run on it.
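The general class of defect named in the summary, as an added illustration that is not code from this page, from Siemens, or from the Linux mlx5 driver: a memcpy whose destination is a small fixed-size member inside a larger descriptor, where the data is allowed by the layout to continue into the bytes that follow the member. A FORTIFY_SOURCE-style check scoped to the member rejects such a copy (in a kernel driver that rejection becomes a panic, i.e. a denial of service), while expressing the destination as the whole contiguous region keeps a real bound and still enforces it. All struct names, field sizes and the sample data below are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed descriptor layout for illustration only; not the mlx5 definition. A short
 * "inline header" field is followed by further descriptor bytes that inline data is
 * permitted to spill into, which is the shape that trips member-scoped fortify checks. */
struct inline_hdr {
    uint16_t sz;
    uint8_t  start[2];
};

struct eth_seg {
    uint32_t          flags;
    struct inline_hdr hdr;
    uint8_t           tail[12];   /* contiguous with hdr.start; inline data may continue here */
};

/* Mimics a FORTIFY_SOURCE mode-1 check: the writable size is that of the closest enclosing
 * member (2 bytes). Returns bytes copied, or -1 where a fortified memcpy would flag overflow. */
int copy_inline_member_scoped(struct eth_seg *seg, const uint8_t *data, size_t len)
{
    size_t dst_size = sizeof(seg->hdr.start);
    if (len > dst_size)
        return -1;
    memcpy(seg->hdr.start, data, len);
    seg->hdr.sz = (uint16_t)len;
    return (int)len;
}

/* Hardened form: the destination is the whole contiguous region from hdr.start to the end
 * of the segment (14 bytes here), so the bound matches the real layout and is still enforced. */
int copy_inline_region_scoped(struct eth_seg *seg, const uint8_t *data, size_t len)
{
    size_t off      = offsetof(struct eth_seg, hdr.start);
    size_t dst_size = sizeof(*seg) - off;
    if (len > dst_size)
        return -1;
    memcpy((uint8_t *)seg + off, data, len);
    seg->hdr.sz = (uint16_t)len;
    return (int)len;
}

/* Reads back the idx-th inline byte relative to hdr.start, crossing into tail if needed. */
uint8_t inline_byte_at(const struct eth_seg *seg, size_t idx)
{
    return ((const uint8_t *)seg)[offsetof(struct eth_seg, hdr.start) + idx];
}
```

The point for a defender is that the region-scoped variant is not a weaker check: a copy of 15 bytes is still refused, but a 14-byte inline header that the layout legitimately allows no longer trips a panic path.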
Defensive priority
medium
Recommended defensive actions
- Restrict interactive shell access to the GNU/Linux subsystem to trusted personnel only
- Build and run applications exclusively from trusted sources
- Monitor for updates from Siemens regarding patch availability
- Apply defense-in-depth strategies per CISA ICS recommended practices
- Review network segmentation for affected industrial control systems
Evidence notes
CVE published 2024-04-09 per official CVE record and CISA CSAF source. Modified 2026-05-14. Source advisory ICSA-24-102-01 has undergone multiple revisions through September 2025, with this CVE present in the initial publication. Siemens SSA-265688 provides product-specific context. No KEV listing. No known ransomware campaign use documented.
Official resources
- CVE-2024-26907 CVE record (CVE.org)
- CVE-2024-26907 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference