PatchSiren cyber security CVE debrief
CVE-2024-35922 Siemens CVE debrief
CVE-2024-35922 is a division-by-zero vulnerability in the Linux kernel's framebuffer monitor (fbmon) subsystem, specifically within the fb_videomode_from_videomode() function. The vulnerability was published on April 9, 2024, and affects Siemens SIMATIC S7-1500 TM MFP industrial control systems through their GNU/Linux subsystem. The flaw can be triggered when processing video mode parameters, leading to a local denial-of-service condition. The CVSS 3.1 score of 5.5 (MEDIUM) reflects local attack vector, low attack complexity, and low privileges required, with high availability impact but no confidentiality or integrity impact. Siemens has not released a patch as of the source document's last modification on May 14, 2026. The advisory recommends limiting interactive shell access to trusted personnel and only running applications from trusted sources as interim mitigations.
- Vendor
- Siemens
- Product
- SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2026-05-14
- Advisory published
- 2024-04-09
- Advisory updated
- 2026-05-14
Who should care
Industrial control system operators, OT security engineers, and asset owners using Siemens SIMATIC S7-1500 TM MFP controllers with the GNU/Linux subsystem. Organizations in manufacturing, process control, and critical infrastructure sectors should prioritize access restrictions until a patch is released.
Technical summary
The vulnerability exists in the fb_videomode_from_videomode() function within the Linux kernel's framebuffer monitor (fbmon) code. A division-by-zero condition can occur when processing video mode timing parameters, resulting in a kernel crash and local denial-of-service. The attack requires local access with low privileges and no user interaction. The flaw does not enable privilege escalation, information disclosure, or code execution. Affected systems are Siemens SIMATIC S7-1500 TM MFP programmable logic controllers with the optional GNU/Linux subsystem enabled. No vendor patch is currently available; mitigation relies on access controls and trusted application execution.
Defensive priority
medium
Recommended defensive actions
- Restrict interactive shell access to the GNU/Linux subsystem to authorized personnel only
- Implement application whitelisting to ensure only trusted applications execute on affected systems
- Monitor for anomalous framebuffer or video subsystem activity in system logs
- Apply vendor patches when released by Siemens ProductCERT
- Review and implement CISA ICS recommended practices for defense-in-depth
- Segment industrial control networks to limit lateral movement potential
Evidence notes
The vulnerability description is sourced directly from the CISA CSAF advisory ICSA-24-102-01, which references Siemens SSA-265688. The affected product is explicitly identified as the GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP. The CVSS vector confirms local attack requirements and denial-of-service impact only. No fix availability is stated in the remediation section of the source advisory.
Official resources
-
CVE-2024-35922 CVE record
CVE.org
-
CVE-2024-35922 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
This CVE was disclosed through coordinated disclosure via CISA and Siemens ProductCERT. The vulnerability was initially published in ICSA-24-102-01 on April 9, 2024, with subsequent advisory updates through September 2025 adding related CVE