PatchSiren cyber security CVE debrief
CVE-2024-35966 Siemens CVE debrief
A vulnerability in the Linux kernel's Bluetooth RFCOMM subsystem allows local attackers to cause denial of service through improper validation of setsockopt user input. The flaw exists in the RFCOMM (Radio Frequency Communication) protocol implementation used for Bluetooth serial port emulation. A local attacker with low privileges can exploit this to trigger a denial of service condition on affected systems. The vulnerability has been assigned a CVSS 3.1 score of 5.5 (MEDIUM) with an attack vector of local access, low attack complexity, and low privileges required. No confidentiality or integrity impact is associated with this vulnerability; the sole impact is to availability. Siemens has identified this vulnerability as affecting the GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP industrial control device. The vendor has not released a patch as of the latest advisory update.
- Vendor: Siemens
- Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Operators of Siemens SIMATIC S7-1500 TM MFP industrial control systems utilizing the GNU/Linux subsystem; OT security teams managing Bluetooth-enabled industrial devices; organizations with defense-in-depth ICS security requirements
Technical summary
The vulnerability stems from missing validation of user-supplied input to the setsockopt system call in the Bluetooth RFCOMM kernel module. RFCOMM provides serial port emulation over Bluetooth and is commonly used in industrial devices for wireless connectivity. The improper input validation can be exploited by a local, low-privileged attacker to cause a denial of service. The attack does not require user interaction and cannot be exploited remotely. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) reflects this local, low-complexity attack with high availability impact. Siemens has confirmed the vulnerability affects the GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP, an industrial PC module used in manufacturing environments. As of the April 9, 2024 advisory publication, no security fix is available from the vendor.
Defensive priority
medium
Recommended defensive actions
- Restrict interactive shell access to the GNU/Linux subsystem on affected Siemens SIMATIC S7-1500 TM MFP devices to trusted personnel only
- Implement application whitelisting to ensure only trusted applications are built and executed on the GNU/Linux subsystem
- Monitor for anomalous Bluetooth RFCOMM activity or unexpected process crashes on affected systems
- Subscribe to Siemens ProductCERT security advisories for patch availability notifications
- Apply defense-in-depth strategies for industrial control systems per CISA recommended practices
Evidence notes
Vulnerability description and affected product information sourced from CISA CSAF advisory ICSA-24-102-01. CVSS vector confirms local attack vector with availability impact only. Siemens advisory SSA-265688 provides product-specific impact assessment. No fix available per vendor remediation statement dated 2024-04-09.
Official resources
- CVE-2024-35966 CVE record (CVE.org)
- CVE-2024-35966 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2024-04-09