PatchSiren cyber security CVE debrief
CVE-2024-47735 Siemens CVE debrief
CVE-2024-47735 is a MEDIUM-severity vulnerability (CVSS 5.5) affecting the RDMA/hns driver in the Linux kernel, specifically impacting Siemens SIMATIC S7-1500 TM MFP's GNU/Linux subsystem. The flaw involves incorrect locking primitives: spin_lock_irq()/spin_unlock_irq() were used while spin_lock_irqsave()/spin_unlock_irqrestore() was already held, which can lead to deadlock conditions or interrupt handling issues. Published on 2024-04-09 and last modified on 2026-05-14, this vulnerability has been tracked through multiple advisory updates by CISA, with the most recent additions in September 2025. The vulnerability requires local access with low privileges and no user interaction, resulting in high availability impact. No patch is currently available from Siemens.
- Vendor
- Siemens
- Product
- SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2026-05-14
- Advisory published
- 2024-04-09
- Advisory updated
- 2026-05-14
Who should care
Organizations operating Siemens SIMATIC S7-1500 TM MFP industrial controllers with enabled GNU/Linux subsystems should prioritize access controls and monitoring until a patch becomes available. Security teams in manufacturing, process control, and critical infrastructure sectors using this hardware should assess exposure and implement compensating controls.
Technical summary
The vulnerability exists in the RDMA (Remote Direct Memory Access) hns (HiSilicon Network Subsystem) driver where improper use of interrupt-disabling spinlock functions creates a locking inconsistency. When spin_lock_irqsave()/spin_unlock_irqrestore() is already held, subsequent use of spin_lock_irq()/spin_unlock_irq() can corrupt interrupt state tracking, potentially causing system deadlocks or unpredictable interrupt behavior. This affects the GNU/Linux subsystem on Siemens SIMATIC S7-1500 TM MFP industrial controllers, which use this kernel driver for network functionality.
Defensive priority
medium
Recommended defensive actions
- Restrict interactive shell access to the GNU/Linux subsystem to trusted personnel only
- Only build and run applications from trusted sources
- Monitor for future Siemens security advisories for patch availability
- Apply defense-in-depth strategies for industrial control systems per CISA guidance
Evidence notes
The vulnerability description and affected product information are derived from CISA CSAF advisory ICSA-24-102-01, which has undergone ten revision updates since initial publication. The advisory explicitly states 'Currently no fix is available' for this vulnerability. The CVSS vector confirms local attack vector with low attack complexity and high availability impact.
Official resources
-
CVE-2024-47735 CVE record
CVE.org
-
CVE-2024-47735 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-04-09