PatchSiren

CVE-2024-35888 Siemens CVE debrief

A vulnerability in the Linux kernel's ERSPAN (Encapsulated Remote Switched Port Analyzer) networking subsystem could allow a local attacker to cause a denial of service. The issue stems from improper handling of the erspan_base_hdr structure within socket buffer (skb) memory, potentially leading to out-of-bounds access or memory corruption when the header is not properly present in skb->head. The vulnerability was resolved by ensuring the erspan_base_hdr is correctly present in the socket buffer head. Siemens has identified this vulnerability as affecting the GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP industrial control device. No patch is currently available from Siemens; mitigation relies on restricting access to trusted personnel and running only trusted applications.

Vendor: Siemens
Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-09
Original CVE updated: 2026-05-14
Advisory published: 2024-04-09
Advisory updated: 2026-05-14

Who should care

Organizations operating Siemens SIMATIC S7-1500 TM MFP devices with the GNU/Linux subsystem enabled, particularly in industrial control system (ICS/OT) environments; security teams responsible for OT network segmentation and access control; and system integrators and maintenance personnel with shell access to affected devices.

Technical summary

The vulnerability exists in the Linux kernel's ERSPAN (Encapsulated Remote Switched Port Analyzer) implementation, specifically in how the erspan_base_hdr structure is handled within socket buffer (skb) memory. The fix ensures this header is properly present in skb->head, preventing potential memory safety issues. The CVSS 3.1 score of 5.5 (MEDIUM) reflects a local attack vector requiring low privileges but resulting in high availability impact through denial of service. The affected product is the GNU/Linux subsystem of Siemens SIMATIC S7-1500 TM MFP, an industrial automation device. No firmware patch is currently available; risk reduction depends on operational security controls.
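
The bug class described above, as an added illustration that is not code from the kernel, Siemens or this page: a user-space model in which a parser reads a header that may not yet be in the contiguous head of the buffer, next to the pattern that confirms presence first. The names model_pkt, model_may_pull, parse_unchecked and parse_checked, the 4-byte header size and the field layout are assumptions made for the model.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HDR_LEN 4 /* illustrative base-header size for this model */

/* User-space model, not kernel code: the first linear_len bytes are
 * contiguous in head (like skb->head); the rest sits in a fragment. */
struct model_pkt {
    uint8_t head[64];
    size_t linear_len;
    const uint8_t *frag;
    size_t frag_len;
};

/* Make `need` bytes contiguous in head, copying from the fragment if
 * required. Returns 1 on success, 0 if the packet is too short. */
static int model_may_pull(struct model_pkt *p, size_t need) {
    if (need <= p->linear_len)
        return 1;
    size_t missing = need - p->linear_len;
    if (need > sizeof(p->head) || missing > p->frag_len)
        return 0;
    memcpy(p->head + p->linear_len, p->frag, missing);
    p->linear_len += missing;
    p->frag += missing;
    p->frag_len -= missing;
    return 1;
}

/* Model layout: session id is the low 10 bits of header bytes 2..3. */
static uint16_t read_session_id(const uint8_t *h) {
    return (uint16_t)(((h[2] & 0x03) << 8) | h[3]);
}

/* Flawed pattern: assumes the header is already in the linear area,
 * so it may read bytes that were never part of this packet's head. */
static uint16_t parse_unchecked(const struct model_pkt *p, size_t off) {
    return read_session_id(p->head + off);
}

/* Fixed pattern: confirm presence first and reject short packets. */
static int parse_checked(struct model_pkt *p, size_t off, uint16_t *id) {
    if (!model_may_pull(p, off + HDR_LEN))
        return -1;
    *id = read_session_id(p->head + off);
    return 0;
}
```

In the model the unchecked read only returns stale buffer contents; in a kernel the same mistake touches memory outside the valid linear data, which is the memory-safety risk the summary refers to.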

Defensive priority

medium

Recommended defensive actions

  • Restrict interactive shell access to the GNU/Linux subsystem to trusted personnel only
  • Build and run applications only from trusted sources
  • Monitor for future Siemens security advisories for patch availability
  • Apply defense-in-depth strategies for industrial control systems per CISA guidance

Evidence notes

CVE published 2024-04-09. CISA CSAF advisory ICSA-24-102-01 was first published on the same date. Siemens advisory SSA-265688 is cross-referenced. The CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H indicates a local attack vector with low attack complexity, low privileges required, and high availability impact. No known exploitation in the wild per available sources. Not listed in the CISA KEV catalog.
