PatchSiren cyber security CVE debrief
CVE-2024-33601 Siemens CVE debrief
CVE-2024-33601 is a denial-of-service vulnerability in the netgroup cache of the GNU C Library's Name Service Cache Daemon (nscd). The cache builds its entries with the xmalloc and xrealloc wrappers, which terminate the process instead of returning NULL when an allocation fails, so an out-of-memory condition while a netgroup request is being served takes down the whole daemon and disrupts every client that depends on it. Siemens' advisory context ties the issue to the SIMATIC S7-1500 CPU variants that include an additional GNU/Linux subsystem. The flaw was introduced in glibc 2.15 when the netgroup cache was added to nscd, and the supplied source states that no fix was available for the affected Siemens products at the time of publication.
- Vendor
- Siemens
- Product
- SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
- CVSS
- 4.0 (Medium)
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-06-10
- Original CVE updated
- 2026-05-14
- Advisory published
- 2025-06-10
- Advisory updated
- 2026-05-14
Who should care
Operators and maintainers of the listed Siemens SIMATIC S7-1500 CPU 1518-4 and 1518F-4 PN/DP MFP variants and the SIPLUS variant, especially teams that enable or manage the additional GNU/Linux subsystem, should review exposure. Security and operations teams that rely on nscd for name service caching on those subsystems should also take note: the impact is service disruption, not data compromise, but a terminated cache daemon affects every name lookup that was going through it.
Technical summary
The issue is in nscd's netgroup cache handling. The cache grows its result buffers with the xmalloc and xrealloc wrappers, which do not return NULL on failure but terminate the process, so a single failed allocation while a netgroup entry is being assembled ends the daemon rather than just that one request. The supplied CVE description states that this denies service to clients and that the problem is only present in the nscd binary; the C library itself and applications that perform lookups without nscd are not affected. The CVSS vector provided is CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L (4.0): the trigger needs local access, since memory exhaustion on the host has to coincide with netgroup requests reaching nscd, and the effect is availability-only. Once nscd is gone, glibc clients that cannot reach its socket fall back to direct NSS lookups, so the practical impact on the subsystem is failed in-flight lookups plus the loss of caching (extra latency and backend load) until the daemon is restarted.
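The following C program is an added illustration, not glibc's or Siemens' code, of the failure mode described above: a packing routine that stands in for nscd assembling a netgroup cache entry is written once with an aborting xrealloc-style wrapper and once with a checked allocation that fails only the current request. All names (inj_realloc, xrealloc_abort, fragile_pack, hardened_pack, serve_fragile, serve_hardened) are hypothetical, the fault-injecting allocator and the netgroup triples are constructed for the example, and longjmp stands in for the process exit so the effect can be observed in-process.

```c
/* Added example (not glibc's or Siemens' code). Shows why an allocator
 * wrapper that aborts on failure turns one out-of-memory event into
 * daemon termination, and the hardened form that fails only one request.
 * All names are hypothetical; the fault injector is constructed. */
#include <errno.h>
#include <setjmp.h>
#include <stdlib.h>
#include <string.h>

/* Fault-injecting allocator: the fail_at-th call (0-based) returns NULL
 * with errno = ENOMEM, so an out-of-memory condition a real daemon only
 * meets under memory pressure can be reproduced deterministically. */
static int alloc_calls;
static int fail_at = -1;               /* -1: never fail */

static void reset_allocator(int fail_call)
{
    alloc_calls = 0;
    fail_at = fail_call;
}

static void *inj_realloc(void *p, size_t n)
{
    if (alloc_calls++ == fail_at) {
        errno = ENOMEM;
        return NULL;
    }
    return realloc(p, n);              /* realloc(NULL, n) acts like malloc(n) */
}

/* Fragile pattern: the wrapper has no error path to hand back to its
 * caller, so on failure it ends the process. longjmp stands in for the
 * exit() here so the example can be observed in-process. */
static jmp_buf daemon_exit;

static void *xrealloc_abort(void *p, size_t n)
{
    void *q = inj_realloc(p, n);
    if (q == NULL)
        longjmp(daemon_exit, 1);       /* real wrapper: error(EXIT_FAILURE, ...) */
    return q;
}

/* Pack entries into one buffer of NUL-terminated strings, growing it as
 * needed. Every growth step can take the whole daemon down. */
static size_t fragile_pack(const char *const *entries, size_t n, char **out)
{
    char *buf = NULL;
    size_t len = 0;
    for (size_t i = 0; i < n; i++) {
        size_t l = strlen(entries[i]) + 1;
        buf = xrealloc_abort(buf, len + l);
        memcpy(buf + len, entries[i], l);
        len += l;
    }
    *out = buf;
    return len;
}

/* Hardened pattern: plain realloc, check the result, release what was
 * built so far and report failure. The daemon stays up for other clients. */
static int hardened_pack(const char *const *entries, size_t n,
                         char **out, size_t *outlen)
{
    char *buf = NULL;
    size_t len = 0;
    for (size_t i = 0; i < n; i++) {
        size_t l = strlen(entries[i]) + 1;
        char *nb = inj_realloc(buf, len + l);
        if (nb == NULL) {
            free(buf);                 /* old block is still valid after a failed realloc */
            *out = NULL;
            *outlen = 0;
            return -1;                 /* errno == ENOMEM; only this request fails */
        }
        buf = nb;
        memcpy(buf + len, entries[i], l);
        len += l;
    }
    *out = buf;
    *outlen = len;
    return 0;
}

enum { REQ_OK = 0, REQ_FAILED = 1, DAEMON_DIED = 2 };

/* Constructed netgroup triples standing in for a cache entry's payload. */
static const char *const triples[] = {
    "(host1,user1,dom1)", "(host2,user2,dom2)", "(host3,user3,dom3)"
};
#define NTRIPLES (sizeof triples / sizeof triples[0])

/* Serve one request with the fragile packer; fail_call selects which
 * allocation fails (-1 for none). DAEMON_DIED means control left the
 * handler through the abort path, i.e. the whole process would be gone. */
int serve_fragile(int fail_call)
{
    char *buf = NULL;
    reset_allocator(fail_call);
    if (setjmp(daemon_exit) != 0)
        return DAEMON_DIED;
    fragile_pack(triples, NTRIPLES, &buf);
    free(buf);
    return REQ_OK;
}

/* Same request with the hardened packer: a failed allocation is reported
 * to this one client and the daemon keeps serving the next request. */
int serve_hardened(int fail_call)
{
    char *buf = NULL;
    size_t len = 0;
    reset_allocator(fail_call);
    if (hardened_pack(triples, NTRIPLES, &buf, &len) < 0)
        return REQ_FAILED;
    free(buf);
    return REQ_OK;
}
```

With the second allocation forced to fail, serve_fragile reports DAEMON_DIED while serve_hardened reports REQ_FAILED and then answers a following request normally; that difference is the whole of the CVE's impact, since the daemon's availability is the only thing at stake.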
Defensive priority
Medium priority. The vulnerability is local and availability-only, but no fix is available for the affected Siemens products in the supplied source, and the advisory recommends compensating controls instead.
Recommended defensive actions
- Confirm whether the listed Siemens SIMATIC S7-1500 CPU variants are present in your environment and whether the additional GNU/Linux subsystem is enabled.
- Limit access to the interactive shell of the additional GNU/Linux subsystem to trusted personnel only, as recommended in the advisory.
- Only build and run applications from trusted sources on the affected system, per the advisory guidance.
- Monitor Siemens ProductCERT and CISA advisory updates for any future remediation or revised guidance.
- Treat nscd-dependent services as availability-sensitive and plan compensating controls or an operational fallback for the case where the daemon terminates. As a first check on any affected subsystem, confirm whether nscd is actually running and whether netgroup caching is enabled in /etc/nscd.conf (the enable-cache netgroup setting); the problem is confined to the nscd binary, so a subsystem that does not run nscd, or does not cache netgroups through it, is not exposed to this particular failure.
Evidence notes
This debrief is based on the supplied CISA CSAF advisory ICSA-25-162-05 and Siemens ProductCERT advisory SSA-082556 references. The supplied source lists affected Siemens products as SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0, 6ES7518-4AX00-1AC0), SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0, 6ES7518-4FX00-1AC0), and SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0). The advisory states there is currently no fix available. Timing context used here follows the supplied CVE publication date of 2025-06-10 and modified date of 2026-05-14; note that these are the dates of the supplied Siemens/CISA item, while the CVE itself belongs to the 2024 glibc nscd disclosure and was fixed upstream in glibc 2.40 (with backports to older release branches), so "no fix available" refers to the affected Siemens product firmware, not to glibc in general.
Official resources
- CVE-2024-33601 CVE record (CVE.org)
- CVE-2024-33601 NVD detail (NVD)
- Source item: CISA CSAF advisory ICSA-25-162-05 (cisa_csaf)
Publicly disclosed in the supplied CISA CSAF advisory on 2025-06-10, with a later advisory update on 2026-05-14. The supplied source does not list a KEV entry.