PatchSiren cyber security CVE debrief
CVE-2024-35936 Siemens CVE debrief
CVE-2024-35936 is a medium-severity vulnerability in the Btrfs filesystem implementation within the Linux kernel, specifically affecting the `btrfs_relocate_sys_chunks()` function. The issue involves improper handling of chunk tree lookup errors, which can lead to a denial-of-service condition. The vulnerability was published on April 9, 2024, and affects Siemens SIMATIC S7-1500 TM MFP industrial control systems that utilize the GNU/Linux subsystem. The CVSS 3.1 score of 5.5 reflects a local attack vector, low attack complexity and low privileges required, with no impact on confidentiality or integrity but a high availability impact. Siemens has confirmed that no patch is currently available, and mitigation relies on restricting access to trusted personnel and ensuring that only trusted applications are executed.
- Vendor: Siemens
- Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations operating Siemens SIMATIC S7-1500 TM MFP industrial control systems with the GNU/Linux subsystem enabled, particularly in critical infrastructure sectors. Security teams responsible for OT/ICS environments, system integrators deploying these controllers, and compliance officers managing industrial cybersecurity frameworks should prioritize assessment and mitigation. The local attack vector reduces remote exploitation risk but insider threats and compromised local accounts remain relevant concerns.
Technical summary
The vulnerability exists in the Btrfs filesystem's `btrfs_relocate_sys_chunks()` function, which fails to properly handle errors returned by chunk tree lookups. This deficiency can result in a denial-of-service condition through local exploitation. The attack requires low privileges and no user interaction, and the primary impact is loss of availability. The vulnerability is classified under CWE-237 (Improper Handling of Structural Elements). As of the latest advisory modification on May 14, 2026, Siemens has not released a patch, so affected organizations must rely on access controls and trusted-application policies as interim mitigations.
Defensive priority
medium
Recommended defensive actions
- Restrict interactive shell access to the GNU/Linux subsystem on affected Siemens SIMATIC S7-1500 TM MFP devices to trusted personnel only
- Implement application whitelisting to ensure only trusted, verified applications are built and executed on the GNU/Linux subsystem
- Monitor for anomalous filesystem operations or unexpected Btrfs errors that may indicate exploitation attempts
- Apply vendor patches when released by Siemens; subscribe to Siemens ProductCERT security advisories for update notifications
- Segment affected industrial control systems from untrusted networks to limit local attack vector exposure
- Review and implement CISA ICS recommended practices for defense-in-depth strategies in industrial environments
Evidence notes
Vulnerability description and affected product confirmed through CISA CSAF advisory ICSA-24-102-01. Vendor attribution to Siemens and product identification as SIMATIC S7-1500 TM MFP GNU/Linux subsystem derived from CSAF product tree with high confidence. CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H sourced from advisory references. Remediation status of no fix available and mitigation guidance confirmed through CSAF remediations section.
Official resources
- CVE-2024-35936 CVE record (CVE.org)
- CVE-2024-35936 NVD detail (NVD)
- Source item URL: cisa_csaf
- Source reference: Reference
2024-04-09