PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-35965 Siemens CVE debrief

CVE-2024-35965 is a medium-severity vulnerability in the Linux kernel's Bluetooth L2CAP subsystem, specifically affecting the GNU/Linux subsystem of Siemens SIMATIC S7-1500 TM MFP industrial control devices. The flaw involves improper validation of user input length in the setsockopt system call, which could lead to denial of service conditions. It requires local access with low privileges and has no impact on confidentiality or integrity, but can cause high availability impact through denial of service.

The vulnerability was published on April 9, 2024, and has been tracked in CISA's ICS advisory ICSA-24-102-01, which has undergone multiple revisions through September 2025 to incorporate additional related CVEs. Siemens has not released a patch for this issue; instead, it recommends operational mitigations, including restricting interactive shell access to trusted personnel and ensuring only applications from trusted sources are built and executed on affected systems.

Vendor: Siemens
Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-09
Original CVE updated: 2026-05-14
Advisory published: 2024-04-09
Advisory updated: 2026-05-14

Who should care

Organizations operating Siemens SIMATIC S7-1500 TM MFP devices in industrial environments, particularly those utilizing the GNU/Linux subsystem for custom applications. OT security teams, ICS asset owners, and system integrators responsible for maintaining availability of industrial control systems should prioritize access control mitigations.

Technical summary

The vulnerability exists in the Bluetooth L2CAP (Logical Link Control and Adaptation Protocol) implementation within the Linux kernel. The setsockopt system call fails to validate user input length before copying data, potentially enabling a local attacker with low privileges to cause denial of service conditions. The flaw is classified under CWE-120 (Classic Buffer Overflow). The affected product is the GNU/Linux subsystem of Siemens SIMATIC S7-1500 TM MFP, an industrial automation device. No software patch is currently available from the vendor.
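The missing length check described above, shown as a user-space C model. This is an added example, not kernel or Siemens code; the handler names, the 4-byte option and the sample bytes are constructed for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Unchecked pattern: always copies sizeof(*out) bytes and ignores optlen,
 * the caller-declared length of the option buffer. */
static int set_opt_unchecked(uint32_t *out, const void *optval, size_t optlen)
{
    (void)optlen;
    memcpy(out, optval, sizeof(*out));
    return 0;
}

/* Checked pattern: refuse any buffer shorter than the destination. */
static int set_opt_checked(uint32_t *out, const void *optval, size_t optlen)
{
    if (optlen < sizeof(*out))
        return -EINVAL;
    memcpy(out, optval, sizeof(*out));
    return 0;
}

/* Constructed sample: byte 0 is the caller's 1-byte option value; bytes 1..3
 * stand in for unrelated memory that happens to sit next to it. */
static const unsigned char arena[4] = { 0x01, 0xAA, 0xBB, 0xCC };

/* Returns 1 if the handler's result depends on bytes beyond optlen. */
static int reads_past_optlen(int (*handler)(uint32_t *, const void *, size_t))
{
    uint32_t got = 0, expect = 0;

    if (handler(&got, arena, 1) != 0)
        return 0;               /* rejected: nothing was copied */
    memcpy(&expect, arena, 1);  /* what a 1-byte copy would have produced */
    return got != expect;
}

int main(void)
{
    printf("unchecked reads past optlen: %d\n",
           reads_past_optlen(set_opt_unchecked));
    printf("checked reads past optlen:   %d\n",
           reads_past_optlen(set_opt_checked));
    return 0;
}
```

In the model the extra bytes come from the same array, so the over-read is observable without undefined behaviour; in a kernel handler the equivalent copy would run past the end of the caller-supplied buffer.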

Defensive priority

medium

Recommended defensive actions

  • Restrict interactive shell access to the GNU/Linux subsystem on affected Siemens SIMATIC S7-1500 TM MFP devices to trusted personnel only
  • Implement application whitelisting to ensure only applications from trusted sources are built and executed on the GNU/Linux subsystem
  • Monitor for anomalous process activity or unexpected Bluetooth L2CAP socket operations on affected devices
  • Review and apply defense-in-depth strategies for industrial control systems as recommended by CISA
  • Subscribe to Siemens ProductCERT security advisories for notification when a patch becomes available

Evidence notes

Vulnerability description and affected product information derived from CISA CSAF advisory ICSA-24-102-01. CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H confirms local attack vector with availability impact only. Remediation status of 'none_available' and specific mitigation guidance extracted from source advisory remediations section.
