PatchSiren cyber security CVE debrief
CVE-2024-33600 Siemens CVE debrief
CVE-2024-33600 is a medium-severity availability issue mapped by CISA and Siemens to five SIMATIC S7-1500 CPU product variants. The underlying flaw is a null pointer dereference in nscd after a notfound netgroup response if the cache fails to store the result. The source advisory states that no fix is currently available, so defense centers on limiting access to the additional GNU/Linux subsystem and using trusted software only.
- Vendor
- Siemens
- Product
- SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-06-10
- Original CVE updated
- 2026-05-14
- Advisory published
- 2025-06-10
- Advisory updated
- 2026-05-14
Who should care
Operators and maintainers of the listed Siemens SIMATIC S7-1500 CPU variants, especially environments that use the additional GNU/Linux subsystem or expose its interactive shell to more than a tightly controlled admin group.
Technical summary
The advisory describes a null pointer crash in the Name Service Cache Daemon (nscd) when a not-found netgroup response cannot be added to cache, leading a client request to dereference a null pointer. The issue was introduced in glibc 2.15 when the cache was added to nscd and is stated to exist only in the nscd binary. In the Siemens/CISA advisory, the affected scope is limited to five SIMATIC S7-1500 CPU variants. The published CVSS vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L, which aligns with an availability-only crash condition.
Defensive priority
Medium. The CVSS score is 5.3 and the modeled impact is limited to availability, but ICS deployments should still treat it as operationally relevant because a crash in a subsystem component can disrupt plant workflows. Prioritize if the affected CPU family is deployed and the additional GNU/Linux subsystem is in use.
Recommended defensive actions
- Limit access to the interactive shell of the additional GNU/Linux subsystem to trusted personnel only.
- Only build and run applications from trusted sources on the affected systems.
- Track Siemens ProductCERT and CISA updates for a vendor fix; the advisory states that currently no fix is available.
- Inventory the five listed SIMATIC S7-1500 CPU variants and confirm whether the additional GNU/Linux subsystem is enabled in your deployment.
Evidence notes
The source corpus ties CVE-2024-33600 to Siemens advisory SSA-082556 / CISA ICSA-25-162-05 and lists five affected SIMATIC S7-1500 CPU product names. The advisory description says the flaw is a null pointer dereference in nscd after a notfound netgroup response when caching fails, and it explicitly says the vulnerability is only present in the nscd binary. The remediation section states that no fix is currently available. Timing context: the CVE and source item were published on 2025-06-10 and were last updated in the supplied corpus on 2026-05-14.
Official resources
-
CVE-2024-33600 CVE record
CVE.org
-
CVE-2024-33600 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed in CISA CSAF ICSA-25-162-05 and Siemens ProductCERT SSA-082556 on 2025-06-10. The supplied source corpus shows later CISA republication updates, with the latest on 2026-05-14.