PatchSiren cyber security CVE debrief
CVE-2024-27065 Siemens CVE debrief
A vulnerability in the Linux kernel's netfilter nf_tables subsystem could allow a local attacker to cause a denial of service condition. The issue stems from improper handling of internal table flags during table updates, where unnecessary transaction processing occurs when no flag modifications are present. This flaw was resolved by restoring the logic to skip transactions when table updates do not modify flags. The vulnerability affects Siemens SIMATIC S7-1500 TM MFP devices that utilize the GNU/Linux subsystem.
- Vendor
- Siemens
- Product
- SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS
- MEDIUM 4.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2026-05-14
- Advisory published
- 2024-04-09
- Advisory updated
- 2026-05-14
Who should care
Organizations operating Siemens SIMATIC S7-1500 TM MFP industrial control systems with enabled GNU/Linux subsystems should prioritize this vulnerability. System administrators responsible for embedded Linux environments in OT/ICS networks, security teams managing defense-in-depth strategies for industrial assets, and personnel with interactive shell access to these devices need to understand the risk profile and implement compensating controls until a patch becomes available.
Technical summary
The vulnerability exists in the Linux kernel's netfilter nf_tables component, specifically in how table updates are processed. When updating nftables tables, the code was incorrectly comparing internal table flags even when no flag modifications were requested, failing to skip unnecessary transaction processing. The fix restores proper transaction skipping behavior when table updates do not modify flags, preventing potential resource exhaustion or instability. This is a local vulnerability requiring low privileges but high attack complexity, with availability impact as the primary concern.
Defensive priority
medium
Recommended defensive actions
- Restrict interactive shell access to the GNU/Linux subsystem to trusted personnel only
- Build and run applications exclusively from trusted sources
- Monitor for Siemens security advisories regarding future patches for SSA-265688
- Apply defense-in-depth strategies for industrial control systems per CISA guidance
- Review and implement ICS-CERT recommended practices for securing embedded Linux subsystems
Evidence notes
The vulnerability description indicates this is a Linux kernel netfilter nf_tables issue resolved by restoring transaction skipping behavior when table updates do not modify flags. The CVSS 3.1 vector (AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H) confirms local attack vector with high attack complexity, low privileges required, and high availability impact. Siemens has confirmed affected status for SIMATIC S7-1500 TM MFP GNU/Linux subsystem with no fix currently available.
Official resources
-
CVE-2024-27065 CVE record
CVE.org
-
CVE-2024-27065 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-04-09