PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-35940 Siemens CVE debrief

A null pointer dereference vulnerability exists in the Linux kernel's pstore/zone subsystem within the psz_kmsg_read function. The flaw occurs when the function fails to validate a pointer before dereferencing it, potentially leading to a kernel crash and denial of service. This affects the GNU/Linux subsystem of Siemens SIMATIC S7-1500 TM MFP industrial control devices. The vulnerability requires local access with low privileges and no user interaction, making it exploitable by authenticated users with shell access to the GNU/Linux subsystem. The CVSS 3.1 score of 5.5 reflects medium severity with high availability impact but no confidentiality or integrity impact.

Vendor: Siemens
Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-09
Original CVE updated: 2026-05-14
Advisory published: 2024-04-09
Advisory updated: 2026-05-14

Who should care

Industrial control system operators using Siemens SIMATIC S7-1500 TM MFP with the GNU/Linux subsystem enabled; OT security teams managing embedded Linux environments; asset owners requiring high availability for manufacturing or process control systems

Technical summary

The vulnerability exists in fs/pstore/zone.c in the Linux kernel's persistent storage (pstore) zone implementation. The psz_kmsg_read function lacks a null pointer check before dereferencing a pointer, which can trigger a kernel oops or panic when reading from the pstore zone. This is classified as CWE-476 (NULL Pointer Dereference). The attack vector is local, requiring low privileges and no user interaction. The vulnerability specifically impacts availability with no direct confidentiality or integrity effects. Siemens has confirmed no fix is currently available as of the advisory publication.

Defensive priority

medium

Recommended defensive actions

  • Restrict interactive shell access to the GNU/Linux subsystem to trusted personnel only
  • Build and run applications only from trusted sources
  • Monitor for anomalous process crashes or kernel panics on affected devices
  • Apply vendor security updates when Siemens releases a fix for this vulnerability
  • Implement network segmentation to limit access to industrial control devices
  • Review and apply CISA ICS recommended practices for defense-in-depth strategies
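
For the monitoring action above, this added example (not part of the advisory or of any Siemens tooling) scans kernel log text for a NULL pointer dereference oops in which psz_kmsg_read is the faulting function or appears in the call trace. It assumes the standard x86 and arm64 oops wording; the function name find_pstore_zone_oops and the sample log lines are constructed for illustration.

```python
import re

# Headers the kernel prints for a NULL dereference (x86 and arm64 wording).
NULL_DEREF = re.compile(
    r"(?:BUG: kernel NULL pointer dereference, address: |"
    r"Unable to handle kernel NULL pointer dereference at virtual address )"
    r"(?P<addr>[0-9a-f]+)")
# Faulting instruction pointer: "RIP: 0010:sym+0x.." (x86) or "pc : sym+0x.." (arm64).
FAULT_PC = re.compile(r"(?:RIP: [0-9a-f]{4}:|\bpc : )(?P<sym>[A-Za-z0-9_.]+)\+0x")
END_OF_OOPS = re.compile(r"---\[ end trace")
TARGET = "psz_kmsg_read"  # function named in the CVE-2024-35940 description

def find_pstore_zone_oops(lines, target=TARGET):
    """Return one finding per NULL-deref oops that involves `target`."""
    findings, current = [], None
    for lineno, line in enumerate(lines, 1):
        m = NULL_DEREF.search(line)
        if m:  # a new oops report starts here
            current = {"line": lineno, "addr": m["addr"], "role": None}
            continue
        if current is None:
            continue
        pc = FAULT_PC.search(line)
        if pc and pc["sym"] == target:
            current["role"] = "faulting"
        elif target + "+0x" in line and current["role"] is None:
            current["role"] = "in_trace"
        if END_OF_OOPS.search(line):
            if current["role"]:
                findings.append(current)
            current = None
    if current and current["role"]:  # log cut off before the end marker
        findings.append(current)
    return findings

# Constructed sample log (not captured from a real device).
SAMPLE = """\
[  12.200002] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[  12.200010] Internal error: Oops: 96000004 [#1] SMP
[  12.200020] pc : psz_kmsg_read+0x1c/0x120
[  12.200040] ---[ end trace 0000000000000000 ]---
[  98.500000] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  98.500010] RIP: 0010:some_other_driver_fn+0x2a/0x90
[  98.500020] ---[ end trace 0000000000000000 ]---
""".splitlines()

if __name__ == "__main__":
    for f in find_pstore_zone_oops(SAMPLE):
        print(f"oops at log line {f['line']}: NULL deref at 0x{f['addr']}, {TARGET} is {f['role']}")
```

The unrelated oops in the second half of the sample is deliberately not reported, so the check stays specific to the pstore/zone read path.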

Evidence notes

CVE published 2024-04-09 per the official CVE record. CISA ICS advisory ICSA-24-102-01 was published on the same date. The advisory was last modified 2026-05-14, with multiple revision updates adding additional CVEs to the same Siemens product advisory. The source corpus indicates this vulnerability is tracked under CWE-476 (NULL Pointer Dereference).

Official resources

2024-04-09