PatchSiren cyber security CVE debrief
CVE-2024-33599 Siemens CVE debrief
CVE-2024-33599 is a high-severity stack-based buffer overflow in nscd netgroup cache handling, described in Siemens and CISA advisory material for specific SIMATIC S7-1500 CPU family products with an additional GNU/Linux subsystem. The source states that no fix is currently available, so affected environments should rely on compensating controls and Siemens/CISA guidance.
- Vendor
- Siemens
- Product
- SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
- CVSS
- HIGH 7.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-06-10
- Original CVE updated
- 2026-05-14
- Advisory published
- 2025-06-10
- Advisory updated
- 2026-05-14
Who should care
Operators and maintainers of the affected Siemens SIMATIC S7-1500 CPU models, especially OT/ICS teams responsible for the additional GNU/Linux subsystem, application build/run controls, and access to interactive shells. Security teams supporting industrial control environments should also review the advisory and mitigation guidance.
Technical summary
The source describes a stack-based buffer overflow in the Name Service Cache Daemon (nscd) netgroup cache path. If nscd's fixed-size cache is exhausted by client requests, a later client request for netgroup data may trigger the overflow. The issue is described as introduced in glibc 2.15 when the cache was added to nscd and as only present in the nscd binary. Siemens' advisory maps the issue to five SIMATIC S7-1500 CPU product variants listed in the source corpus.
Defensive priority
High. The advisory reports a remotely reachable CVSS 3.1 vector of AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H and states that no fix is currently available for the affected products, making compensating controls important.
Recommended defensive actions
- Limit access to the interactive shell of the additional GNU/Linux subsystem to trusted personnel only.
- Only build and run applications from trusted sources.
- Inventory the affected Siemens product variants and verify whether the additional GNU/Linux subsystem is in use.
- Apply Siemens and CISA-recommended compensating controls while monitoring the advisory for remediation updates.
- Use CISA ICS recommended practices and defense-in-depth guidance to reduce exposure in the OT environment.
Evidence notes
This debrief is based on the supplied CISA CSAF advisory ICSA-25-162-05 and Siemens ProductCERT references. The source lists five affected Siemens SIMATIC S7-1500 CPU variants, states that no fix is currently available, and provides the CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H. The source also identifies CWE-121 and describes the flaw as a stack-based buffer overflow in nscd netgroup cache handling. Timing context uses the supplied CVE publication date 2025-06-10 and latest source update 2026-05-14 only.
Official resources
-
CVE-2024-33599 CVE record
CVE.org
-
CVE-2024-33599 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed in the supplied source corpus through CISA CSAF advisory ICSA-25-162-05 on 2025-06-10, with the latest supplied source update on 2026-05-14. This debrief uses the provided publication and revision dates for timing context