PatchSiren

CVE-2024-33602 Siemens CVE debrief

CVE-2024-33602 is a local memory-corruption flaw in glibc’s nscd netgroup cache. In Siemens advisory ICSA-25-162-05, the issue is mapped to several SIMATIC S7-1500 CPU 1518/1518F MFP variants and a SIPLUS variant, with no fix available at the time of the advisory. The main defensive takeaway is to reduce who can access the affected device’s additional GNU/Linux subsystem and keep execution limited to trusted software and personnel.

Vendor: Siemens
Product: SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
CVSS: MEDIUM 4
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-06-10
Original CVE updated: 2026-05-14
Advisory published: 2025-06-10
Advisory updated: 2026-05-14

Who should care

Siemens SIMATIC S7-1500 operators, OT administrators, and engineers responsible for the affected CPU 1518 MFP / 1518F MFP models, especially environments that use the additional GNU/Linux subsystem or its interactive shell.

Technical summary

The advisory says nscd’s netgroup cache assumes NSS callbacks store all strings in the provided buffer. If a callback keeps strings elsewhere, nscd can corrupt memory while handling the cache. The source notes the flaw was introduced in glibc 2.15 when the cache was added to nscd, and that it is only present in the nscd binary. Siemens ties this to five affected product identifiers and lists no available fix.
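
A simplified model of the assumption described above, as an added example (not glibc or Siemens code): before a consumer treats callback-returned strings as living in its own buffer, it checks each pointer and copies in any string that was kept elsewhere. The names `triple`, `locate`, `pull_in`, `normalise_triple` and the sample values are hypothetical.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for a triple handed back by a lookup callback. */
struct triple { const char *host, *user, *domain; };

/* 1: s is NUL-terminated inside buf[0..used); 0: kept elsewhere; -1: malformed. */
static int locate(const char *buf, size_t cap, size_t used, const char *s)
{
    uintptr_t b = (uintptr_t)buf, p = (uintptr_t)s;
    if (p < b || p >= b + cap) return 0;      /* outside the buffer entirely */
    if (p >= b + used) return -1;             /* points into the unused tail */
    return memchr(s, '\0', used - (size_t)(p - b)) ? 1 : -1;
}

/* Copy a field into the free tail of buf unless it is already there. */
static int pull_in(char *buf, size_t cap, size_t *used, const char **f)
{
    if (*f == NULL) return 0;                 /* absent field, nothing to store */
    int where = locate(buf, cap, *used, *f);
    if (where != 0) return where == 1 ? 0 : -1;
    size_t n = strlen(*f) + 1;
    if (n > cap - *used) return -1;           /* caller must grow buf and retry */
    memcpy(buf + *used, *f, n);
    *f = buf + *used;
    *used += n;
    return 0;
}

/* After success every non-NULL field points into buf[0..*used). */
int normalise_triple(char *buf, size_t cap, size_t *used, struct triple *t)
{
    const char **f[3] = { &t->host, &t->user, &t->domain };
    if (*used > cap) return -1;
    for (int i = 0; i < 3; i++)
        if (pull_in(buf, cap, used, f[i]) != 0) return -1;
    return 0;
}

/* Constructed sample: host is in buf, user and domain are kept elsewhere. */
int demo(size_t cap)                          /* cap must be <= 32 */
{
    static const char elsewhere[] = "alice";
    char buf[32] = "plc-eng1";
    size_t used = sizeof "plc-eng1";          /* 8 characters plus NUL */
    struct triple t = { buf, elsewhere, "example.test" };
    if (normalise_triple(buf, cap, &used, &t) != 0) return -1;
    return t.host == buf && t.user == buf + 9 && t.domain == buf + 15 && used == 28;
}

int main(void) { return demo(32) == 1 ? 0 : 1; }
```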

Defensive priority

Medium. The supplied CVSS vector is AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L, which points to local access and limited impact, but the affected Siemens products have no fix in the advisory and rely on compensating controls.

Recommended defensive actions

  • Limit access to the interactive shell of the additional GNU/Linux subsystem to trusted personnel only.
  • Only build and run applications from trusted sources on affected devices.
  • Treat the listed SIMATIC S7-1500 CPU models as affected until Siemens provides a corrective update or revised guidance.
  • Track Siemens ProductCERT and CISA advisory updates for changes to remediation status.
  • Use compensating controls and maintenance planning to reduce exposure in OT environments that rely on the affected subsystem.

Evidence notes

Source evidence comes from Siemens ProductCERT advisory SSA-082556 as republished in CISA CSAF advisory ICSA-25-162-05. The source item lists the affected SIMATIC S7-1500 CPU product names, the nscd/netgroup cache memory-corruption description, the CVSS 3.1 vector, and a remediation entry stating that no fix is currently available. PublishedAt is 2025-06-10 and ModifiedAt is 2026-05-14; those dates are used here for advisory timing context only.

Official resources

Public advisory published on 2025-06-10 and last updated/republished on 2026-05-14. This debrief is based on the supplied advisory corpus and official links only.