PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-38560 Siemens CVE debrief

A missing null-termination check in the Linux kernel's SCSI BFA (Brocade Fibre Channel HBA) driver can cause an out-of-bounds read when sscanf is used on a user-supplied buffer. The driver allocates a kernel buffer sized to match user-supplied nbytes, copies exactly nbytes from userspace, and then processes the buffer with sscanf without ensuring NUL termination. This can lead to reading beyond buffer boundaries. The vulnerability is rated CVSS 3.1 5.5 (MEDIUM) with local attack vector, low attack complexity, low privileges required, and high availability impact. Siemens has identified this as affecting the GNU/Linux subsystem of SIMATIC S7-1500 TM MFP industrial control products. No patch is currently available; mitigation relies on restricting access to trusted personnel and running only trusted applications.

Vendor: Siemens
Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-09
Original CVE updated: 2026-05-14
Advisory published: 2024-04-09
Advisory updated: 2026-05-14

Who should care

Organizations operating Siemens SIMATIC S7-1500 TM MFP systems with the GNU/Linux subsystem enabled, particularly in industrial control and OT environments where local user access cannot be fully eliminated. Security teams should prioritize access controls and monitoring given the absence of an available patch.

Technical summary

The BFA (Brocade Fibre Channel HBA) SCSI driver in the Linux kernel fails to ensure user-supplied buffers are NUL-terminated before passing them to sscanf. The driver allocates a buffer of size nbytes, copies nbytes from userspace, and uses sscanf without termination validation. This can cause sscanf to read beyond allocated memory. The vulnerability requires local access with low privileges and impacts availability. No patch is available; mitigations focus on access restriction and trusted execution environments.
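The effect of the missing terminator can be modelled in userspace. The following C program is an added example, not code from the kernel driver or the advisory; the `%x:%x` input format, the 4096-byte bound, the function names and the sample memory image are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Weak form (models the flaw): nbytes is never enforced, so sscanf stops
 * only at whatever NUL happens to follow the caller's bytes in memory. */
static int parse_weak(const char *buf, size_t nbytes, unsigned *addr, unsigned *val)
{
    (void)nbytes;
    return sscanf(buf, "%x:%x", addr, val) == 2 ? 0 : -1;
}

/* Hardened form: copy nbytes into an nbytes + 1 buffer and terminate it
 * before any string function sees it. */
static int parse_hardened(const char *buf, size_t nbytes, unsigned *addr, unsigned *val)
{
    char *kbuf;
    int rc;
    if (nbytes == 0 || nbytes > 4096)   /* constructed sanity bound */
        return -1;
    kbuf = malloc(nbytes + 1);
    if (!kbuf)
        return -1;
    memcpy(kbuf, buf, nbytes);
    kbuf[nbytes] = '\0';
    rc = sscanf(kbuf, "%x:%x", addr, val) == 2 ? 0 : -1;
    free(kbuf);
    return rc;
}

/* Constructed memory image: 6 bytes of "user" input ("1000:2") followed by
 * unrelated neighbouring bytes ("fff"). The array's own NUL keeps the weak
 * call well-defined here; a real heap buffer has no such guarantee. */
static const char image[] = "1000:2fff";
#define USER_NBYTES 6

/* Runs one parser over the image and returns the second parsed field. */
static unsigned val_of(int (*parse)(const char *, size_t, unsigned *, unsigned *))
{
    unsigned a = 0, v = 0;
    parse(image, USER_NBYTES, &a, &v);
    return v;
}

int main(void)
{
    printf("weak: 0x%x  hardened: 0x%x\n", val_of(parse_weak), val_of(parse_hardened));
    return 0;
}
```

The weak parser folds the neighbouring bytes into the parsed value, while the hardened one sees only the bytes the caller supplied. In kernel code the copy-and-terminate step is available as the `memdup_user_nul()` helper.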

Defensive priority

medium

Recommended defensive actions

  • Restrict interactive shell access to the GNU/Linux subsystem to trusted personnel only
  • Execute only applications from trusted sources
  • Monitor for Siemens security advisories for patch availability
  • Apply defense-in-depth controls per ICS-CERT recommended practices
  • Segment industrial control networks to limit lateral movement if local access is compromised

Evidence notes

The vulnerability description is drawn from the CISA CSAF advisory ICSA-24-102-01 and the CVE record. The CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H confirms local attack requirements with availability impact only. Siemens remediation guidance explicitly states 'Currently no fix is available' as of the advisory publication.
