CVE-2024-57913 Siemens CVE debrief

Who should care

Organizations operating Siemens SIMATIC S7-1500 TM MFP systems with the GNU/Linux subsystem enabled should assess their exposure. System administrators responsible for industrial control system security and personnel managing USB gadget configurations in embedded Linux environments should prioritize access controls until a patch becomes available.

Technical summary

CVE-2024-57913 is a vulnerability in the Linux kernel's USB gadget functionfs_bind implementation. The issue was resolved by removing a WARN_ON macro that could trigger under certain conditions. The vulnerability affects the GNU/Linux subsystem of the Siemens SIMATIC S7-1500 TM MFP industrial control system. Exploitation requires local access with low privileges and high attack complexity, resulting in a CVSS 3.1 score of 4.7 (MEDIUM). The primary impact is availability degradation (denial of service) with no confidentiality or integrity impact.

Defensive priority

medium

Recommended defensive actions

• Limit access to the interactive shell of the additional GNU/Linux subsystem to trusted personnel only
• Only build and run applications from trusted sources
• Monitor for future vendor security updates from Siemens

Evidence notes

The vulnerability is documented in CISA ICS advisory ICSA-24-102-01, which references Siemens security advisory SSA-265688. The issue was resolved in the upstream Linux kernel by removing the WARN_ON in functionfs_bind.

Official resources