PatchSiren cyber security CVE debrief

CVE-2024-42281 Siemens CVE debrief

This CVE addresses a vulnerability in the Linux kernel's BPF (Berkeley Packet Filter) subsystem. The issue occurs when downgrading the Generic Segmentation Offload (GSO) size, which can trigger a BUG_ON() assertion failure during subsequent skb (socket buffer) segmentation. The fix involves linearizing the skb when downgrading gso_size to prevent this crash condition. Siemens has identified this vulnerability as affecting the GNU/Linux subsystem within their SIMATIC S7-1500 TM MFP industrial control product. The vulnerability requires local access with high privileges to exploit, resulting in low integrity impact but high availability impact. No patch is currently available from Siemens; mitigation relies on restricting access to trusted personnel and ensuring only trusted applications are executed.

Vendor: Siemens
Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
CVSS: MEDIUM 5.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-09
Original CVE updated: 2026-05-14
Advisory published: 2024-04-09
Advisory updated: 2026-05-14

Who should care

Organizations operating Siemens SIMATIC S7-1500 TM MFP industrial control systems with enabled GNU/Linux subsystems; OT security teams managing embedded Linux environments in manufacturing and process control; system integrators deploying BPF-based networking or monitoring solutions on affected platforms.

Technical summary

The vulnerability exists in the Linux kernel's BPF subsystem when handling Generic Segmentation Offload (GSO) size downgrades. The socket buffer (skb) segmentation logic can trigger a BUG_ON() assertion when the gso_size is downgraded without proper linearization. The kernel fix linearizes the skb during this operation to prevent the crash. In the context of Siemens SIMATIC S7-1500 TM MFP, this affects the embedded GNU/Linux subsystem where BPF programs may be utilized. The attack vector is local, requiring high privileges, with no confidentiality impact, low integrity impact, and high availability impact per the CVSS 3.1 vector (AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Defensive priority

medium

Recommended defensive actions

  • Restrict interactive shell access to the GNU/Linux subsystem on affected Siemens SIMATIC S7-1500 TM MFP devices to trusted personnel only
  • Implement application whitelisting to ensure only trusted, verified applications are built and executed on the GNU/Linux subsystem
  • Monitor for an official security patch from Siemens and apply when available
  • Review network segmentation for affected industrial control systems to limit lateral movement potential
  • Apply defense-in-depth strategies per ICS-CERT recommended practices for industrial control systems

Evidence notes

CVE published 2024-04-09 per official CVE record. Modified 2026-05-14. Source advisory ICSA-24-102-01 published 2024-04-09. Siemens SSA-265688 referenced as primary vendor advisory. CVSS 5.1 (MEDIUM) per source. Not listed in CISA KEV.
