PatchSiren

CVE-2024-35997 Siemens CVE debrief

A race condition in the Linux kernel's HID I2C subsystem can cause a system lock-up on Siemens SIMATIC S7-1500 TM MFP devices with the GNU/Linux subsystem. The vulnerability stems from improper synchronization when the I2C_HID_READ_PENDING flag is set during HID report reads, potentially leaving the driver in a hung state. The attack vector is local and requires low privileges and no user interaction; the result is a high availability impact. The issue was disclosed in April 2024 and affects industrial control systems where the GNU/Linux subsystem is exposed. No patch is currently available from Siemens; mitigation relies on restricting access to trusted personnel and running only trusted applications.

Vendor: Siemens
Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-09
Original CVE updated: 2026-05-14
Advisory published: 2024-04-09
Advisory updated: 2026-05-14

Who should care

Industrial control system operators using Siemens SIMATIC S7-1500 TM MFP with the GNU/Linux subsystem enabled; OT security teams managing PLC environments; asset owners requiring high availability from their control systems; compliance officers tracking unpatched vulnerabilities in critical infrastructure.

Technical summary

The Linux kernel's HID I2C driver (i2c-hid) contains a race condition where the I2C_HID_READ_PENDING flag is not properly cleared, leading to potential driver lock-up and system unavailability. On Siemens SIMATIC S7-1500 TM MFP devices with the GNU/Linux subsystem, a local attacker with low privileges can trigger this condition, causing denial of service. The vulnerability is classified as medium severity (CVSS 5.5) with high availability impact. No firmware or software patch is currently available; mitigation requires operational controls restricting subsystem access and application execution to trusted sources.

Defensive priority

medium

Recommended defensive actions

  • Restrict interactive shell access to the GNU/Linux subsystem to trusted personnel only
  • Execute only applications from trusted sources on affected devices
  • Monitor for anomalous system behavior or unexpected lock-ups on SIMATIC S7-1500 TM MFP units
  • Apply future Siemens security updates when patches become available
  • Segment affected industrial control systems from untrusted networks per CISA ICS recommended practices

Evidence notes

The vulnerability description indicates a race condition in the i2c-hid driver where the I2C_HID_READ_PENDING flag can cause driver lock-up. The CVSS vector confirms a local attack vector with low attack complexity and low privileges required. Siemens advisory SSA-265688 and CISA ICSA-24-102-01 document this as affecting the SIMATIC S7-1500 TM MFP GNU/Linux subsystem. The source advisory explicitly states 'Currently no fix is available' as of the last modification. Multiple revision updates to the advisory (through September 2025) have added related CVEs but no resolution for this specific issue.
