PatchSiren cyber security CVE debrief
CVE-2024-42306 Siemens CVE debrief
A vulnerability in the Linux kernel's UDF (Universal Disk Format) filesystem implementation could allow a local attacker to cause a denial of service condition. The issue stems from improper handling of corrupted block bitmap buffers in the UDF filesystem driver. When processing a malformed UDF filesystem image, the kernel may use a corrupted block bitmap buffer, leading to potential system instability or crash. This vulnerability affects Siemens SIMATIC S7-1500 TM MFP industrial control systems that utilize the GNU/Linux subsystem. The vulnerability requires local access with low privileges and has no impact on confidentiality or integrity, but can result in high availability impact through denial of service.
- Vendor: Siemens
- Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations operating Siemens SIMATIC S7-1500 TM MFP industrial control systems with the GNU/Linux subsystem enabled should prioritize this vulnerability. System administrators responsible for securing OT/ICS environments, particularly those with Linux-based subsystems on industrial controllers, should assess exposure. Security teams in manufacturing, process control, and critical infrastructure sectors using affected Siemens equipment should implement recommended mitigations while awaiting vendor fixes.
Technical summary
The UDF (Universal Disk Format) filesystem driver in the Linux kernel could use a corrupted block bitmap buffer during filesystem operations instead of rejecting it. The flaw is triggered by mounting a maliciously crafted UDF filesystem image and can crash the kernel or leave the system unstable. It is classified as CWE-20 (Improper Input Validation). Exploitation requires local access with low privileges and has low attack complexity, and no user interaction is needed. The only impact is denial of service (availability); confidentiality and integrity are not affected.
Defensive priority
medium
Recommended defensive actions
- Limit access to the interactive shell of the additional GNU/Linux subsystem to trusted personnel only
- Only build and run applications from trusted sources
- Monitor for security updates from Siemens for the SIMATIC S7-1500 TM MFP GNU/Linux subsystem
- Apply defense-in-depth strategies for industrial control systems per CISA guidance
- Review and implement ICS-CERT recommended practices for securing industrial control systems
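The two conditions a local, low-privileged attacker needs in order to reach the UDF driver are that the `udf` module can still be loaded (or is already loaded) and that an unprivileged user is allowed to mount a filesystem image. The following script, added here as an example and not taken from the Siemens advisory or from the page, checks both against the text of `/proc/modules`, `/etc/modprobe.d/*.conf` and `/etc/fstab`. The inputs are passed in as strings so it runs offline on the constructed samples embedded below; the function names and the sample contents are assumptions for illustration, and whether the TM MFP's GNU/Linux subsystem exposes these files for editing is not stated on the page.

```python
"""Added example: pre-checks for the local preconditions of a UDF mount-based
kernel DoS. Not code from the Siemens advisory, CISA, or the PatchSiren page.
Inputs are file contents as strings; samples below are constructed."""

# --- constructed samples (not real device output) -------------------------
PROC_MODULES_SAMPLE = (
    "udf 118784 0 - Live 0x0000000000000000\n"
    "crc_itu_t 16384 1 udf, Live 0x0000000000000000\n"
    "xt_conntrack 16384 2 - Live 0x0000000000000000\n"
)
MODPROBE_SAMPLE_WEAK = "# stops alias-based autoload only\nblacklist udf\n"
MODPROBE_SAMPLE_STRONG = "install udf /bin/false\nblacklist udf\n"
FSTAB_SAMPLE = (
    "# constructed fstab\n"
    "UUID=0000-1111 / ext4 defaults 0 1\n"
    "/dev/sdb1 /mnt/usb udf,iso9660 noauto,user,ro 0 0\n"
)


def udf_module_loaded(proc_modules: str) -> bool:
    """True if 'udf' is listed as a loaded module in /proc/modules text."""
    return any(line.split()[0] == "udf"
               for line in proc_modules.splitlines() if line.strip())


def udf_module_policy(modprobe_conf: str) -> str:
    """Classify the modprobe.d policy for the udf module.

    'blocked'   - 'install udf /bin/false' (or /bin/true): modprobe never
                  loads the module, including on a kernel fs-udf request
                  raised by mount(2).
    'blacklist' - only 'blacklist udf': stops alias-based autoload, but an
                  explicit 'modprobe udf' by root still works.
    'none'      - no rule found.
    """
    blocked = blacklisted = False
    for raw in modprobe_conf.splitlines():
        parts = raw.split("#", 1)[0].split()
        if (len(parts) >= 3 and parts[0] == "install" and parts[1] == "udf"
                and parts[2] in ("/bin/false", "/bin/true")):
            blocked = True
        elif len(parts) == 2 and parts[0] == "blacklist" and parts[1] == "udf":
            blacklisted = True
    return "blocked" if blocked else ("blacklist" if blacklisted else "none")


def user_mountable_udf(fstab: str) -> list:
    """fstab entries an unprivileged user may mount (option user/users/owner)
    whose type can resolve to udf ('udf', 'auto', or a comma list with udf)."""
    hits = []
    for raw in fstab.splitlines():
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 4:
            continue
        types = set(fields[2].split(","))
        opts = set(fields[3].split(","))
        if ({"user", "users", "owner"} & opts) and ({"udf", "auto"} & types):
            hits.append(line)
    return hits


def assess(proc_modules: str, modprobe_conf: str, fstab: str) -> dict:
    """Combine the three checks. 'exposed' means the driver is reachable AND
    fstab hands an unprivileged user a mount path to it (sudo rules and
    udisks/polkit automount are separate paths not covered here)."""
    loaded = udf_module_loaded(proc_modules)
    policy = udf_module_policy(modprobe_conf)
    mounts = user_mountable_udf(fstab)
    reachable = loaded or policy != "blocked"
    return {"udf_loaded": loaded, "modprobe_policy": policy,
            "user_mountable": mounts, "exposed": reachable and bool(mounts)}


if __name__ == "__main__":
    for name, conf in (("weak", MODPROBE_SAMPLE_WEAK), ("strong", MODPROBE_SAMPLE_STRONG)):
        print(name, assess("", conf, FSTAB_SAMPLE))
```

On a live host the same functions can be fed `open("/proc/modules").read()`, the concatenated contents of `/etc/modprobe.d/*.conf`, and `/etc/fstab`. Note that an `install udf /bin/false` rule does not unload a module that is already resident, so a reboot (or `rmmod udf` with no mounts) is needed for the "blocked" policy to take effect.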
Evidence notes
The vulnerability description indicates this was resolved in the Linux kernel with a fix to the UDF filesystem driver. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) decodes to local attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, and high availability impact with no confidentiality or integrity impact, which is consistent with the stated base score of 5.5. The source advisory (ICSA-24-102-01) from CISA provides official government confirmation of this vulnerability affecting Siemens industrial control systems.
Official resources
- CVE-2024-42306 CVE record (CVE.org)
- CVE-2024-42306 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference
CVE-2024-42306 was published on April 9, 2024, and last modified on May 14, 2026. The vulnerability was resolved in the Linux kernel with a fix to avoid using corrupted block bitmap buffers in the UDF filesystem implementation.