PatchSiren cyber security CVE debrief

CVE-2024-26935 Siemens CVE debrief

A vulnerability in the Linux kernel's SCSI core subsystem could allow a local attacker to cause a denial of service. The issue stems from a regression in which the procfs directory for a SCSI host (the entries the kernel keeps under /proc/scsi) is not removed when the host goes away, so stale entries and the memory behind them accumulate over time until resources are exhausted. This affects Siemens SIMATIC S7-1500 TM MFP devices that use the GNU/Linux subsystem. The vulnerability requires local access with low privileges and no user interaction, so it is exploitable by any authenticated user with shell access to the affected subsystem.

Vendor
Siemens
Product
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2024-04-09
Original CVE updated
2026-05-14
Advisory published
2024-04-09
Advisory updated
2026-05-14

Who should care

Organizations operating Siemens SIMATIC S7-1500 TM MFP devices with the GNU/Linux subsystem enabled, particularly in industrial automation and control system environments where high availability is critical.

Technical summary

The vulnerability is a regression in the SCSI core subsystem of the Linux kernel: the procfs host directory that the kernel creates under /proc/scsi for a SCSI host is not removed when the host is torn down. Each leaked directory pins kernel memory and procfs entries, so repeated host removal can drive the system into resource exhaustion and a denial of service. The issue is classified under CWE-770: Allocation of Resources Without Limits or Throttling. The affected product is the GNU/Linux subsystem within Siemens SIMATIC S7-1500 TM MFP industrial control devices. No fix is currently available from the vendor.

Defensive priority

medium

Recommended defensive actions

  • Limit access to the interactive shell of the additional GNU/Linux subsystem to trusted personnel only
  • Only build and run applications from trusted sources
  • Monitor for patch availability from Siemens for the SIMATIC S7-1500 TM MFP GNU/Linux subsystem
  • Apply defense-in-depth strategies for industrial control systems per CISA guidance
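Until Siemens ships a fixed kernel, the only signal available on the device is whether stale SCSI procfs host directories are accumulating. The script below is an added example, not code from the advisory or from Siemens. It assumes the standard kernel layout (a /proc/scsi/<proc_name> directory per SCSI host template, and a proc_name attribute under /sys/class/scsi_host/hostN for every live host) and treats any /proc/scsi directory that no live host claims as leaked. The paths are parameters so the logic can be exercised against a constructed fixture, which is what make_fixture builds; it is a heuristic for monitoring, not a fix.

```shell
#!/bin/sh
# Heuristic check for leaked SCSI procfs host directories (added example,
# not from the advisory). Assumptions: /proc/scsi/<proc_name>/ is created per
# host template and /sys/class/scsi_host/hostN/proc_name names the template of
# each live host. A /proc/scsi directory with no live host behind it is "stale".

# Print the proc_name of every live SCSI host found under the sysfs dir $1.
live_proc_names() {
    for h in "$1"/host*; do
        [ -r "$h/proc_name" ] || continue
        cat "$h/proc_name"
    done | sort -u
}

# Print each directory under the /proc/scsi tree $1 that no live host in $2 claims.
stale_proc_dirs() {
    proc_scsi=$1
    sys_hosts=$2
    live=$(live_proc_names "$sys_hosts")
    for d in "$proc_scsi"/*/; do
        [ -d "$d" ] || continue
        name=$(basename "$d")
        case "$name" in
            sg) continue ;;   # the sg driver's own directory, not a host template
        esac
        if ! printf '%s\n' "$live" | grep -qx "$name"; then
            printf '%s\n' "$name"
        fi
    done
}

# Number of stale directories, as a plain integer (0 when none).
stale_count() {
    stale_proc_dirs "$1" "$2" | wc -l | tr -d ' '
}

# Constructed fixture (not real device data) so the check runs offline:
# two live hosts (ahci, usb-storage) and two leftover template dirs whose
# hosts have already been removed (uas, iscsi_tcp).
make_fixture() {
    root=$1
    mkdir -p "$root/sys/class/scsi_host/host0" "$root/sys/class/scsi_host/host4"
    echo ahci > "$root/sys/class/scsi_host/host0/proc_name"
    echo usb-storage > "$root/sys/class/scsi_host/host4/proc_name"
    mkdir -p "$root/proc/scsi/ahci" "$root/proc/scsi/usb-storage" \
             "$root/proc/scsi/sg" "$root/proc/scsi/uas" "$root/proc/scsi/iscsi_tcp"
    : > "$root/proc/scsi/scsi"   # regular file, ignored by the directory glob
}

# Run against the live system only when asked; suitable for a periodic job
# that alerts when the count grows between runs.
case "${1:-}" in
    --check)
        n=$(stale_count /proc/scsi /sys/class/scsi_host)
        echo "stale /proc/scsi host directories: $n"
        [ "$n" -eq 0 ]
        exit
        ;;
esac
```

Run with `--check` on the subsystem as a read-only user; a count that rises across hot-plug cycles is the behaviour the advisory describes, and a nonzero exit can feed whatever monitoring the plant already uses. Because the advisory's own mitigation is to restrict who gets a shell on the subsystem, the check belongs in an administrator's maintenance window rather than in an application container.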

Evidence notes

The vulnerability was resolved upstream in the Linux kernel by a fix for the unremoved procfs host directory regression in the SCSI core. Siemens has confirmed that it affects the GNU/Linux subsystem of SIMATIC S7-1500 TM MFP devices. The CVSS 3.1 vector is AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (base score 5.5): local attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, no confidentiality or integrity impact, and high availability impact.

Official resources

2024-04-09