PatchSiren cyber security CVE debrief
CVE-2024-42292 Siemens CVE debrief
CVE-2024-42292 is a medium-severity out-of-bounds (OOB) memory access vulnerability in the Linux kernel's kobject_uevent subsystem, specifically within the zap_modalias_env() function. The flaw stems from an incorrect size calculation when moving memory blocks during MODALIAS environment variable processing. If MODALIAS is not the last variable in the environment parameter, the miscalculation causes memory access beyond allocated boundaries. This vulnerability was resolved by correcting the size parameter passed to memmove(). Siemens has identified this vulnerability as affecting the GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP industrial control system. The vulnerability was published on April 9, 2024, and the advisory was last modified on May 14, 2026, with multiple updates adding additional CVEs to the same advisory over time. No patch is currently available from Siemens; mitigations focus on restricting access to trusted personnel and ensuring only trusted applications are executed.
- Vendor
- Siemens
- Product
- SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2026-05-14
- Advisory published
- 2024-04-09
- Advisory updated
- 2026-05-14
Who should care
Organizations operating Siemens SIMATIC S7-1500 TM MFP systems with enabled GNU/Linux subsystems, particularly in industrial and OT environments where system availability is critical. Security teams responsible for ICS/OT infrastructure, system integrators, and asset owners in manufacturing, process control, and critical infrastructure sectors should prioritize access controls until a patch becomes available.
Technical summary
The vulnerability exists in zap_modalias_env() within the Linux kernel's kobject_uevent implementation. The function incorrectly calculates the size of memory blocks to move when processing the MODALIAS environment variable. When MODALIAS is not the final variable in the environment block, this miscalculation causes memmove() to access memory outside the intended bounds. The fix corrects the size calculation passed to memmove(). This is a local vulnerability requiring low privileges with high availability impact potential.
Defensive priority
medium
Recommended defensive actions
- Restrict interactive shell access to the GNU/Linux subsystem to trusted personnel only
- Ensure only applications from trusted sources are built and executed on affected systems
- Monitor for security updates from Siemens for future patch availability
- Apply defense-in-depth strategies for industrial control systems per CISA guidance
- Review and implement ICS-CERT recommended practices for securing industrial control systems
Evidence notes
Vulnerability description and affected product information derived from CISA CSAF advisory ICSA-24-102-01. CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H indicates local attack vector with low attack complexity, requiring low privileges, resulting in high availability impact. Remediation status confirmed as 'none_available' in source advisory.
Official resources
-
CVE-2024-42292 CVE record
CVE.org
-
CVE-2024-42292 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
public