CVE-2024-45018 Siemens CVE debrief

Who should care

Industrial control system operators, OT security teams, and organizations deploying Siemens SIMATIC S7-1500 TM MFP programmable logic controllers in manufacturing, process control, or critical infrastructure environments

Technical summary

The vulnerability exists in the Linux kernel's netfilter flowtable subsystem where the extack (extended ACK) structure is not properly initialized before use in flow offload operations. This missing initialization (CWE-456) in kernel networking code can result in undefined behavior with potential availability impact. The flaw is local to the system, requiring low privileges but no user interaction. Affected systems use the GNU/Linux subsystem within Siemens SIMATIC S7-1500 TM MFP industrial PLCs. No patch is currently available from the vendor.

Defensive priority

medium

Recommended defensive actions

• Restrict interactive shell access to the GNU/Linux subsystem to trusted personnel only
• Build and run only applications from trusted sources
• Monitor for future Siemens security advisories regarding patch availability
• Apply defense-in-depth practices for industrial control system environments

Evidence notes

The vulnerability description indicates missing initialization of extack in netfilter flowtable flow offload operations. CVSS vector confirms local attack vector with low attack complexity and high availability impact. Siemens CSAF advisory ICSA-24-102-01 (updated through September 2025) documents affected product and remediation status. No fix available per vendor remediation statement.

Official resources