PatchSiren cyber security CVE debrief
CVE-2024-42154 Siemens CVE debrief
CVE-2024-42154 is described in the supplied source corpus as a Linux kernel tcp_metrics input-validation issue that appears in Siemens advisory ICSA-25-072-03 / SSA-503939 for SIMATIC S7-1500 TM MFP - BIOS. The issue is that TCP_METRICS_ATTR_SADDR_IPV4 was not checked to ensure it was at least 4 bytes long, and the policy did not define an entry for that attribute; the advisory rates the issue CVSS v3.1 5.5 with a local, low-privilege, availability-focused impact.
- Vendor
- Siemens
- Product
- SIMATIC S7-1500 TM MFP - BIOS
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-03-11
- Original CVE updated
- 2025-09-09
- Advisory published
- 2025-03-11
- Advisory updated
- 2025-09-09
Who should care
Siemens SIMATIC S7-1500 TM MFP - BIOS operators, OT/ICS administrators, Linux or embedded platform owners, and incident responders responsible for systems where local users or untrusted applications may reach the affected kernel path.
Technical summary
The vulnerability is a missing-length-validation bug in the Linux kernel tcp_metrics handling path. According to the supplied description, TCP_METRICS_ATTR_SADDR_IPV4 was not validated for a minimum size of 4 bytes, and the policy lacked an explicit entry for that attribute; IPv6 was manually validated. The supplied CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates a local attack requiring low privileges and primarily affecting availability.
Defensive priority
Medium priority: the impact is availability-centric and requires local low-privilege access, but the affected advisory states no fix was available at publication time.
Recommended defensive actions
- Confirm whether any Siemens SIMATIC S7-1500 TM MFP - BIOS assets in your environment are covered by advisory ICSA-25-072-03 / SSA-503939.
- Because the supplied advisory states that no fix is available, apply the documented workaround: only build and run applications from trusted sources.
- Reduce local attack surface on affected systems by enforcing least privilege, application allowlisting, and strict administrative access controls.
- Monitor Siemens and CISA advisory updates for a future fix or additional mitigation guidance, especially since the advisory was revised on 2025-09-09.
- If these systems are production-critical, review whether local user access is truly required and remove unnecessary accounts, services, or software that could reach the affected kernel path.
Evidence notes
The source corpus ties CVE-2024-42154 to Siemens advisory ICSA-25-072-03 and the Siemens SSA-503939 references. The advisory publication date is 2025-03-11 and the latest supplied modification date is 2025-09-09, when the advisory was updated to add CVE-2025-8058. The corpus explicitly lists 'Currently no fix is available' and recommends 'Only build and run applications from trusted sources.' No KEV entry, ransomware linkage, or active exploitation is stated in the supplied material.
Official resources
-
CVE-2024-42154 CVE record
CVE.org
-
CVE-2024-42154 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed in CISA CSAF advisory ICSA-25-072-03 on 2025-03-11, with a later advisory revision on 2025-09-09. The supplied corpus does not indicate KEV inclusion or active exploitation.