PatchSiren cyber security CVE debrief
CVE-2024-38635 Siemens CVE debrief
CVE-2024-38635 is a medium-severity vulnerability (CVSS 5.5) in the Linux kernel's SoundWire Cadence driver, affecting the Siemens SIMATIC S7-1500 TM MFP industrial control system's GNU/Linux subsystem. The flaw involves an invalid PDI (Peripheral Device Interface) offset that can trigger a denial-of-service condition. Published on April 9, 2024, and last modified on May 14, 2026, this vulnerability requires local access with low privileges to exploit, resulting in high availability impact but no confidentiality or integrity compromise. The vulnerability stems from improper input validation (CWE-20) in the soundwire subsystem's cadence driver implementation. Siemens has confirmed that no patch is currently available, making this a persistent exposure for affected industrial deployments. The advisory has undergone ten revision cycles through September 2025, indicating ongoing monitoring and cumulative CVE additions to the same product security notice.
- Vendor
- Siemens
- Product
- SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2026-05-14
- Advisory published
- 2024-04-09
- Advisory updated
- 2026-05-14
Who should care
Industrial control system operators, OT security teams, Siemens SIMATIC S7-1500 TM MFP administrators, manufacturing security engineers, and organizations running GNU/Linux subsystems on Siemens PLCs in production environments.
Technical summary
The vulnerability exists in the SoundWire Cadence driver within the Linux kernel, specifically in handling PDI (Peripheral Device Interface) offsets. An invalid offset value can cause the driver to malfunction, resulting in system instability or crash. The attack requires local access with authenticated low-privilege credentials. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) confirms this is a local attack with no network exposure, requiring no user interaction, and impacting only availability. The affected product is the GNU/Linux subsystem component of Siemens SIMATIC S7-1500 TM MFP programmable logic controllers used in industrial automation environments.
Defensive priority
medium
Recommended defensive actions
- Restrict interactive shell access to the GNU/Linux subsystem to trusted personnel only
- Implement application whitelisting to ensure only trusted sources are built and executed
- Monitor for anomalous local activity on affected Siemens SIMATIC S7-1500 TM MFP systems
- Apply defense-in-depth strategies per ICS-CERT recommended practices until a patch becomes available
- Review and enforce least-privilege access controls for local users on affected systems
Evidence notes
Source: CISA CSAF advisory ICSA-24-102-01; vendor confirmation via Siemens CERT portal SSA-265688; CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H indicates local attack vector with low attack complexity and low privileges required, resulting in high availability impact only. CWE-20 (Improper Input Validation) classification per source references. No fix available status confirmed in remediation section.
Official resources
-
CVE-2024-38635 CVE record
CVE.org
-
CVE-2024-38635 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-04-09