PatchSiren cyber security CVE debrief
CVE-2024-35944 Siemens CVE debrief
A vulnerability in the VMCI (Virtual Machine Communication Interface) kernel module, specifically in the `dg_dispatch_as_host()` function, could allow a local attacker to trigger a memcpy run-time warning condition. The issue stems from improper memory handling during datagram dispatch operations in host mode. Successful exploitation could result in denial of service conditions on affected systems. The vulnerability has a CVSS 3.1 score of 5.5 (MEDIUM severity) with a local attack vector, low attack complexity, and low privileges required. No confidentiality or integrity impact is indicated, but availability impact is rated as high.
- Vendor
- Siemens
- Product
- SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2026-05-14
- Advisory published
- 2024-04-09
- Advisory updated
- 2026-05-14
Who should care
Organizations operating Siemens SIMATIC S7-1500 TM MFP industrial controllers with the GNU/Linux subsystem enabled should prioritize this vulnerability. System administrators responsible for OT/ICS environments, security teams managing industrial control systems, and personnel with interactive shell access to these devices are directly affected. Given the local attack vector, insider threats or compromised accounts with low privileges pose the primary risk.
Technical summary
The vulnerability exists in the VMCI (Virtual Machine Communication Interface) kernel module's `dg_dispatch_as_host()` function. The issue involves a memcpy() run-time warning that can be triggered, potentially leading to denial of service conditions. The VMCI module facilitates communication between virtual machines and the host system. The vulnerability is classified under CWE-787 (Out-of-bounds Write). The affected component is the GNU/Linux subsystem of the Siemens SIMATIC S7-1500 TM MFP, an industrial automation controller. No patch is currently available from the vendor.
Defensive priority
medium
Recommended defensive actions
- Restrict interactive shell access to the GNU/Linux subsystem to trusted personnel only
- Implement application whitelisting - only build and run applications from trusted sources
- Monitor for anomalous process behavior or unexpected system crashes on affected devices
- Apply vendor patches when Siemens releases a fix for this vulnerability
- Segment industrial control networks to limit lateral movement opportunities
- Review and implement CISA ICS recommended practices for defense in depth
Evidence notes
The vulnerability description indicates this is a VMCI kernel module issue in the `dg_dispatch_as_host()` function related to memcpy() operations. The CVSS vector (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) confirms local attack vector with high availability impact. The affected product is specifically the GNU/Linux subsystem of the Siemens SIMATIC S7-1500 TM MFP industrial controller.
Official resources
-
CVE-2024-35944 CVE record
CVE.org
-
CVE-2024-35944 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CVE-2024-35944 was published on April 9, 2024, and last modified on May 14, 2026. The vulnerability was disclosed through CISA's ICS advisory ICSA-24-102-01, which has undergone multiple revisions adding additional CVEs through September 9,