PatchSiren cyber security CVE debrief
CVE-2024-37370 Siemens CVE debrief
CVE-2024-37370 describes an integrity flaw in MIT Kerberos 5 (krb5) before 1.21.3. An attacker can alter the plaintext Extra Count field in a confidential GSS krb5 wrap token, which can make the unwrapped token appear truncated to the application. Siemens’ advisory maps this CVE to several SIMATIC S7-1500 CPU family products and states that no fix is currently available, so affected deployments should rely on compensating controls.
- Vendor: Siemens
- Product: SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
- CVSS: HIGH 7.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-06-10
- Original CVE updated: 2026-05-14
- Advisory published: 2025-06-10
- Advisory updated: 2026-05-14
Who should care
Organizations operating the Siemens SIMATIC S7-1500 CPU family listed in the advisory, especially environments using the additional GNU/Linux subsystem, GSS/Kerberos-protected application flows, or other services that process krb5 wrap tokens. OT security teams and asset owners should care because Siemens’ advisory provides only mitigations, not a fix.
Technical summary
The flaw is in the handling of confidential GSS krb5 wrap tokens. The Extra Count (EC) field sits in the plaintext token header, while the decrypted body ends with EC filler bytes followed by a copy of the header. By modifying the plaintext EC field, an attacker can influence how the receiving application computes the length of the decrypted payload, causing the unwrapped data to appear truncated. The supplied CVSS vector indicates a network attack vector with no privileges or user interaction required, and the impact is centered on integrity and availability rather than confidentiality.
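To make the failure mode concrete, the following is an added example (not krb5 code and not from the Siemens or CISA advisories) that models the RFC 4121 confidential wrap token layout: a 16-byte plaintext header (TOK_ID, Flags, Filler, EC, RRC, SND_SEQ) followed by an encrypted body of application data, EC filler bytes and a copy of the header. It assumes the receiver has already decrypted and integrity-checked the body, so only the plaintext header is reachable to a network attacker, and it sets RRC to 0 to skip rotation. The `unwrap_confidential` receiver check is illustrative: whether the EC field is compared against the encrypted header copy is the assumption this example turns on, and it is not a claim about the exact krb5 1.21.3 patch.

```python
import struct

# RFC 4121 wrap token header: TOK_ID(2) Flags(1) Filler(1) EC(2) RRC(2) SND_SEQ(8)
HEADER_FMT = ">HBBHHQ"
TOK_ID_WRAP = 0x0504
FLAG_SEALED = 0x02  # "Sealed" flag: the token body is encrypted (confidential)


def build_header(flags: int, ec: int, rrc: int, seq: int) -> bytes:
    """Build the 16-byte plaintext wrap token header."""
    return struct.pack(HEADER_FMT, TOK_ID_WRAP, flags, 0xFF, ec, rrc, seq)


def parse_header(hdr: bytes) -> dict:
    """Parse and sanity-check a wrap token header."""
    if len(hdr) != struct.calcsize(HEADER_FMT):
        raise ValueError("header must be 16 bytes")
    tok_id, flags, filler, ec, rrc, seq = struct.unpack(HEADER_FMT, hdr)
    if tok_id != TOK_ID_WRAP or filler != 0xFF:
        raise ValueError("not a wrap token")
    return {"flags": flags, "ec": ec, "rrc": rrc, "seq": seq}


def build_inner(data: bytes, ec: int, header: bytes) -> bytes:
    """Sender side: the plaintext that gets encrypted is data | EC filler | header copy.
    The filler count, not its content, is what matters for this example."""
    return data + b"\xff" * ec + header


def unwrap_confidential(header: bytes, decrypted: bytes, verify_ec: bool) -> bytes:
    """Receiver side, after decrypting the body with the session key.

    `header` is the plaintext header as received from the network.
    `decrypted` is the integrity-protected body, which an attacker cannot alter.
    With verify_ec=False the EC field is trusted from the plaintext header; with
    verify_ec=True it is cross-checked against the copy inside the encrypted body.
    """
    h = parse_header(header)
    if len(decrypted) < 16 + h["ec"]:
        raise ValueError("decrypted body shorter than EC + header copy")
    copy = decrypted[-16:]
    # Fields the RFC expects the receiver to confirm: TOK_ID, Flags, Filler, SND_SEQ.
    if copy[:4] != header[:4] or copy[8:] != header[8:]:
        raise ValueError("header copy mismatch")
    # Defensive check: the EC field (bytes 4-5) must also match the protected copy.
    if verify_ec and copy[4:6] != header[4:6]:
        raise ValueError("EC field altered in transit")
    return decrypted[: len(decrypted) - 16 - h["ec"]]


def demo() -> tuple:
    """Constructed scenario: a sender wraps b'hello world' with EC=4, the plaintext
    EC field is then changed to 10 on the wire, and the receiver unwraps twice."""
    seq = 7
    sent_header = build_header(FLAG_SEALED, ec=4, rrc=0, seq=seq)
    body = build_inner(b"hello world", 4, sent_header)  # what the sender encrypts
    intact = unwrap_confidential(sent_header, body, verify_ec=False)

    # Same body, but the plaintext header now claims EC=10 (constructed tamper case).
    altered_header = build_header(FLAG_SEALED, ec=10, rrc=0, seq=seq)
    lax = unwrap_confidential(altered_header, body, verify_ec=False)  # truncated output
    try:
        unwrap_confidential(altered_header, body, verify_ec=True)
        strict = "accepted"
    except ValueError:
        strict = "rejected"
    return intact, lax, strict


if __name__ == "__main__":
    print(demo())
```

Without the EC cross-check the receiver silently hands the application `b"hello"` instead of `b"hello world"`, which is the "appears truncated" symptom the advisory describes and the kind of application-level error the review step below looks for; with the check the token is rejected and can be logged.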
Defensive priority
High for any affected Siemens product in service, because the advisory lists no fixed version and recommends only compensating controls. Prioritize exposure reduction, subsystem access restriction, and validation of any Kerberos-dependent application paths.
Recommended defensive actions
- Identify whether any of the five Siemens product variants listed in the advisory are deployed in your environment.
- Limit access to the interactive shell of the additional GNU/Linux subsystem to trusted personnel only, as Siemens recommends.
- Only build and run applications from trusted sources on affected systems, as Siemens recommends.
- Treat the affected systems as requiring compensating controls until Siemens provides a fix or a supported update path.
- Review GSS/Kerberos-dependent services for anomalous token handling and application errors consistent with truncated protected data.
- Use standard OT network segmentation and least-privilege access to reduce the chance that an attacker can reach the affected paths.
Evidence notes
The supplied corpus ties CVE-2024-37370 to Siemens advisory ICSA-25-162-05 / SSA-082556, published on 2025-06-10 and updated through 2026-05-14. The vulnerability description is explicitly attributed to MIT Kerberos 5 before 1.21.3. Siemens lists five affected SIMATIC S7-1500 CPU family product variants and includes mitigations, with no fix currently available. The corpus does not indicate KEV listing or known ransomware use.
Official resources
- CVE-2024-37370 CVE record (CVE.org)
- CVE-2024-37370 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed in CISA advisory ICSA-25-162-05 on 2025-06-10, with later republication updates through 2026-05-14. The supplied corpus does not show KEV inclusion.