PatchSiren cyber security CVE debrief

CVE-2024-27020 Siemens CVE debrief

A data-race vulnerability in the Linux kernel's netfilter nf_tables subsystem, specifically in nft_expr_type_get(), affects Siemens SIMATIC S7-1500 TM MFP industrial control systems that run the GNU/Linux subsystem. The issue has been fixed in the upstream Linux kernel, but Siemens has not released a patch for the affected product, so mitigation currently relies on restricting access to the subsystem and running only trusted applications.

Vendor: Siemens
Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
CVSS: 5.5 (MEDIUM)
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-09
Original CVE updated: 2026-05-14
Advisory published: 2024-04-09
Advisory updated: 2026-05-14

Who should care

Organizations operating Siemens SIMATIC S7-1500 TM MFP industrial control systems with the GNU/Linux subsystem enabled, particularly those in critical infrastructure sectors where high availability is required.

Technical summary

CVE-2024-27020 is a data-race condition in the nft_expr_type_get() function of the Linux kernel's netfilter nf_tables subsystem. The issue was resolved in the upstream Linux kernel. Siemens SIMATIC S7-1500 TM MFP devices that run the GNU/Linux subsystem are affected. The CVSS 3.1 base score is 5.5 (MEDIUM): local attack vector, low attack complexity, low privileges required, and high availability impact, with no confidentiality or integrity impact indicated.

Defensive priority

Medium

Recommended defensive actions

  • Limit access to the interactive shell of the GNU/Linux subsystem to trusted personnel only
  • Build and run only applications from trusted sources
  • Monitor future Siemens security advisories for patch availability

Evidence notes

The vulnerability description and affected product information are derived from CISA CSAF advisory ICSA-24-102-01, which references Siemens security advisory SSA-265688. The CVE was published on 2024-04-09 and last modified on 2026-05-14. No fix is currently available from the vendor.
