PatchSiren cyber security CVE debrief
CVE-2024-38565 Siemens CVE debrief
CVE-2024-38565 is a medium-severity vulnerability (CVSS 5.5) in the Linux kernel's ar5523 Wi-Fi driver, affecting the GNU/Linux subsystem of Siemens SIMATIC S7-1500 TM MFP industrial controllers. The flaw involves improper endpoint verification in the USB Wi-Fi driver, where an endpoint in use lacks the expected type, potentially leading to denial of service conditions. The vulnerability was discovered through Syzkaller kernel fuzzing and was published on April 9, 2024. Siemens has confirmed this vulnerability affects their industrial control product but has not released a patch as of the latest advisory update on May 14, 2026. The vulnerability requires local access with low privileges to exploit, with no user interaction needed. Given the affected product is an industrial control system deployed in operational technology environments, organizations should implement strict access controls to the GNU/Linux subsystem's interactive shell and only execute applications from trusted sources until a patch becomes available.
- Vendor
- Siemens
- Product
- SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2026-05-14
- Advisory published
- 2024-04-09
- Advisory updated
- 2026-05-14
Who should care
Organizations operating Siemens SIMATIC S7-1500 TM MFP industrial controllers with enabled GNU/Linux subsystems, particularly in manufacturing, process control, and critical infrastructure sectors where these devices manage physical processes.
Technical summary
The ar5523 driver in the Linux kernel fails to properly verify USB endpoint types before use. A Syzkaller fuzzing report triggered a warning when an endpoint lacked the expected type. The fix involves validating all endpoints and their types exist before operation, though the patch was not tested on physical hardware.
Defensive priority
medium
Recommended defensive actions
- Restrict interactive shell access to the GNU/Linux subsystem of affected Siemens SIMATIC S7-1500 TM MFP devices to trusted personnel only
- Implement application whitelisting to ensure only trusted, verified applications execute on the GNU/Linux subsystem
- Monitor for anomalous USB device connections or Wi-Fi driver activity on affected systems
- Apply vendor patches immediately upon release from Siemens
- Segment affected industrial control systems from enterprise networks per CISA ICS recommended practices
Evidence notes
Vulnerability description sourced from CISA CSAF advisory ICSA-24-102-01 and Siemens security advisory SSA-265688. CVSS vector confirms local attack vector with low attack complexity. The source advisory indicates no fix is currently available as of the last modification date.
Official resources
-
CVE-2024-38565 CVE record
CVE.org
-
CVE-2024-38565 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-04-09