PatchSiren cyber security CVE debrief
CVE-2024-41046 Siemens CVE debrief
CISA’s advisory for Siemens SIMATIC S7-1500 TM MFP - BIOS maps CVE-2024-41046 to a Linux kernel double-free in the lantiq_etop detach path. The source says the descriptor count is not incremented, so the same skb can be released multiple times, which is consistent with a serious availability risk. At publication time, Siemens listed no fix and only a limited workaround.
- Vendor: Siemens
- Product: SIMATIC S7-1500 TM MFP - BIOS
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-03-11
- Original CVE updated: 2025-09-09
- Advisory published: 2025-03-11
- Advisory updated: 2025-09-09
Who should care
Siemens SIMATIC S7-1500 TM MFP - BIOS operators, OT/ICS administrators, asset owners, and responders responsible for devices that may include the affected Linux kernel component.
Technical summary
The advisory describes a double-free in the Linux kernel lantiq_etop driver during detach. Because the released descriptor count is never incremented, the same skb may be released more than once. The CISA/Siemens CSAF entry lists Siemens SIMATIC S7-1500 TM MFP - BIOS as the affected product, gives a CVSS 3.1 vector of AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (5.5 Medium), and states that no fix is currently available.
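As an added illustration, not code from the advisory or from the kernel driver, the constructed C model below shows the pattern the summary describes: a detach loop that releases the skb at a ring index without ever advancing that index, beside the corrected loop that advances it. The names (`chan`, `free_channel_buggy`, `free_channel_fixed`, `release_skb`) are simplified placeholders, not the driver's identifiers.

```c
/* Constructed model of a double free caused by a ring index that never
 * advances. Names are simplified; this is not the kernel's lantiq_etop code. */
#include <string.h>

#define DESC_NUM 4

struct chan {
    int desc;            /* index of the descriptor currently being released */
    int skb[DESC_NUM];   /* id of the skb attached to each descriptor, 0 if none */
};

static int release_count[DESC_NUM + 1];  /* how often each skb id was released */

static void release_skb(int id) {
    if (id)
        release_count[id]++;
}

/* Buggy detach: iterates DESC_NUM times but never advances ch->desc,
 * so the skb in one slot is released on every iteration. */
static void free_channel_buggy(struct chan *ch) {
    for (int i = 0; i < DESC_NUM; i++)
        release_skb(ch->skb[ch->desc]);
}

/* Fixed detach: release, clear the slot, then advance the index (with
 * wrap-around) so each descriptor's skb is released exactly once. */
static void free_channel_fixed(struct chan *ch) {
    for (int i = 0; i < DESC_NUM; i++) {
        release_skb(ch->skb[ch->desc]);
        ch->skb[ch->desc] = 0;
        ch->desc = (ch->desc + 1) % DESC_NUM;
    }
}

/* Run one detach variant on a fresh ring whose current index is 1 and
 * return the most times any single skb was released (1 = no double free). */
static int max_release_count(void (*detach)(struct chan *)) {
    struct chan ch = { .desc = 1 };
    int max = 0;
    for (int i = 0; i < DESC_NUM; i++)
        ch.skb[i] = i + 1;             /* constructed skb ids 1..DESC_NUM */
    memset(release_count, 0, sizeof(release_count));
    detach(&ch);
    for (int i = 1; i <= DESC_NUM; i++)
        if (release_count[i] > max)
            max = release_count[i];
    return max;
}
```

With the buggy loop the skb in slot 1 is released four times and the other three are never released at all; the fixed loop releases each exactly once.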
Defensive priority
Medium, elevated for affected Siemens OT deployments because the advisory reports no fix currently available and the CVSS vector rates the availability impact as high (A:H).
Recommended defensive actions
- Confirm whether Siemens SIMATIC S7-1500 TM MFP - BIOS is deployed in your environment and map any Linux kernel components exposed through the product.
- Review Siemens advisory SSA-503939 and CISA advisory ICSA-25-072-03 for the latest status and revisions.
- Apply Siemens’ workaround guidance: only build and run applications from trusted sources.
- Restrict local user access and administrative privileges on affected systems where feasible, since the CVSS vector indicates local, low-privilege access.
- Monitor affected devices for unexpected crashes, resets, or other availability issues.
- Plan compensating controls and maintenance windows because the advisory states that no fix is currently available.
Evidence notes
This debrief is based on the CISA CSAF advisory ICSA-25-072-03 and Siemens references. The advisory text describes a Linux kernel lantiq_etop double-free in detach and lists Siemens SIMATIC S7-1500 TM MFP - BIOS as the affected product. The source states that no fix is currently available and recommends only building and running applications from trusted sources. No additional exploit details are included here.
Official resources
- CVE-2024-41046 CVE record (CVE.org)
- CVE-2024-41046 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference
Public advisory published on 2025-03-11 and revised on 2025-09-09; this debrief uses the advisory publication date, not generation time.