PatchSiren cyber security CVE debrief
CVE-2024-35925 Siemens CVE debrief
CVE-2024-35925 is a medium-severity vulnerability (CVSS 5.5) affecting the Linux kernel block layer, specifically in the blk_rq_stat_sum() function. The issue involves a division-by-zero condition that could lead to denial of service. This vulnerability was published on April 9, 2024, and affects Siemens SIMATIC S7-1500 TM MFP industrial control systems through their GNU/Linux subsystem. The vulnerability requires local access with low privileges and no user interaction, making it exploitable by authenticated users with shell access to the Linux subsystem. Siemens has not released a patch as of the last advisory update on May 14, 2026. Organizations should implement access controls and trusted application policies as interim mitigations.
- Vendor: Siemens
- Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations operating Siemens SIMATIC S7-1500 TM MFP industrial control systems with the GNU/Linux subsystem enabled should prioritize this vulnerability. This includes manufacturing facilities, critical infrastructure operators, and industrial automation environments where these controllers manage physical processes. Security teams responsible for OT/ICS security, system integrators, and asset owners with deployed S7-1500 TM MFP units should assess exposure and implement mitigations.
Technical summary
The vulnerability exists in blk_rq_stat_sum() within the Linux kernel block layer, where insufficient validation of statistical data can result in division by zero. This function is used for block I/O request statistics aggregation. When exploited, the condition causes a kernel crash or hang, resulting in denial of service. The attack requires local access with authenticated privileges to the GNU/Linux subsystem on affected Siemens industrial controllers. No confidentiality or integrity impact is associated with this vulnerability; the sole impact is to availability.
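As an added illustration (not code from the advisory, Siemens, or the kernel tree), the user-space C model below reproduces the aggregation pattern described above: the CVE record attributes the zero divisor to the merged sample count wrapping to zero, and the guard here refuses such a merge before it is used as a divisor. The struct layout, the 32-bit counter, and the names rq_stat and rq_stat_sum_checked are assumptions made for this model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model of the kernel's per-cpu request statistics record.
 * The 32-bit sample counter is the assumption that makes the wrap reachable. */
struct rq_stat {
    uint64_t mean, min, max;
    uint32_t nr_samples;
    uint64_t batch;   /* samples summed but not yet folded into mean */
};

/* Fold src into dst. The merged count is computed in 32 bits, so two large
 * counts can wrap to zero; the guard refuses that merge instead of dividing
 * by the wrapped count (the CWE-369 defect class named in the advisory). */
bool rq_stat_sum_checked(struct rq_stat *dst, const struct rq_stat *src)
{
    uint32_t total = dst->nr_samples + src->nr_samples;   /* may wrap */
    if (total == 0)
        return false;                     /* nothing to merge, or wrapped */
    dst->min  = dst->min < src->min ? dst->min : src->min;
    dst->max  = dst->max > src->max ? dst->max : src->max;
    dst->mean = (src->batch + dst->mean * dst->nr_samples) / total;
    dst->nr_samples = total;
    return true;
}

/* Normal case: two small records merge into a weighted mean of 125. */
uint64_t demo_merge_small(void)
{
    struct rq_stat dst = { .mean = 100, .min = 80, .max = 120, .nr_samples = 2 };
    struct rq_stat src = { .min = 50, .max = 200, .nr_samples = 2, .batch = 300 };
    rq_stat_sum_checked(&dst, &src);
    return dst.mean;                      /* (300 + 100 * 2) / 4 */
}

/* Failure case: 0x80000000 + 0x80000000 wraps to 0. The guard rejects the
 * merge and leaves dst untouched where unchecked code would divide by zero. */
bool demo_wrap_rejected(void)
{
    struct rq_stat dst = { .mean = 7, .nr_samples = 0x80000000u };
    struct rq_stat src = { .nr_samples = 0x80000000u, .batch = 1 };
    bool merged = rq_stat_sum_checked(&dst, &src);
    return !merged && dst.mean == 7 && dst.nr_samples == 0x80000000u;
}

int main(void)
{
    printf("merged mean: %llu\n", (unsigned long long)demo_merge_small());
    printf("wrapped merge rejected: %s\n", demo_wrap_rejected() ? "yes" : "no");
}
```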
Defensive priority
medium
Recommended defensive actions
- Restrict interactive shell access to the GNU/Linux subsystem to trusted personnel only
- Implement application whitelisting to ensure only trusted applications are built and executed
- Monitor for anomalous process behavior or unexpected system crashes on affected devices
- Apply vendor patches when released by Siemens
- Segment industrial control networks to limit lateral movement from a compromised Linux subsystem
- Review and implement CISA ICS recommended practices for defense-in-depth strategies
Evidence notes
The vulnerability description indicates a division-by-zero condition in blk_rq_stat_sum() within the Linux kernel block layer. The CVSS vector (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) confirms local attack vector with low attack complexity, low privileges required, and high availability impact. The CWE-369 classification indicates divide-by-zero weakness. Siemens advisory SSA-265688 provides product-specific impact assessment.
Official resources
- CVE-2024-35925 CVE record (CVE.org)
- CVE-2024-35925 NVD detail (NVD)
- Source item URL: cisa_csaf
This vulnerability was disclosed through coordinated disclosure via CISA and Siemens ProductCERT. The advisory ICSA-24-102-01 was initially published on April 9, 2024, and has undergone multiple revisions through September 2025 to add newly