PatchSiren cyber security CVE debrief
CVE-2024-50246 Siemens CVE debrief
CVE-2024-50246 was published by CISA on 2025-06-10 as part of Siemens advisory ICSA-25-162-05 / SSA-082556. The source description ties the issue to a Linux kernel fs/ntfs3 attr alloc_size check, while the Siemens advisory scope covers specific SIMATIC S7-1500 CPU family products with an additional GNU/Linux subsystem. At publication, Siemens stated no fix was available and recommended limiting shell access and only running trusted applications.
- Vendor: Siemens
- Product: SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-06-10
- Original CVE updated: 2026-05-14
- Advisory published: 2025-06-10
- Advisory updated: 2026-05-14
Who should care
Organizations operating the affected Siemens SIMATIC S7-1500 CPU family products, especially deployments that use the additional GNU/Linux subsystem or provide interactive shell access. Security teams that manage industrial control systems should treat this as a high-priority advisory because the CVSS vector indicates local, low-privilege exploitation with high confidentiality, integrity, and availability impact.
Technical summary
The source material describes a Linux kernel vulnerability that was resolved by the change "fs/ntfs3: Add rough attr alloc_size check". In the Siemens advisory context, the affected products are five SIMATIC S7-1500 CPU variants. The published CVSS score is 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H): the issue is locally exploitable, requires low privileges and no user interaction, and has high impact on confidentiality, integrity, and availability. The advisory also states that no fix was available at the time of publication.
Defensive priority
High. The advisory affects industrial products and the severity rating is HIGH, with no available fix stated in the source. Prioritize exposure reduction and access restrictions while monitoring for vendor updates.
Recommended defensive actions
- Restrict access to the interactive shell of the additional GNU/Linux subsystem to trusted personnel only.
- Only build and run applications from trusted sources on affected devices.
- Review whether any affected SIMATIC S7-1500 CPU variants are deployed in your environment and map them to the advisory scope.
- Apply compensating controls from CISA and Siemens ICS recommended practices to reduce local access and execution risk.
- Monitor Siemens ProductCERT and CISA republished advisory updates for a corrective fix or additional mitigation guidance.
Evidence notes
This debrief uses only the supplied advisory corpus. Evidence in the source item states: (1) the issue is CVE-2024-50246, (2) the description is 'In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add rough attr alloc_size check,' (3) the affected products are five Siemens SIMATIC/SIPLUS S7-1500 CPU variants, (4) remediation says 'Currently no fix is available,' and (5) mitigation guidance includes limiting shell access and running only trusted applications. The CVSS vector provided in the source is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Official resources
- CVE-2024-50246 CVE record (CVE.org)
- CVE-2024-50246 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Published by CISA on 2025-06-10. The source advisory history shows later republication updates through 2026-05-14, which should be treated as advisory revision dates, not the original issue date.