PatchSiren cyber security CVE debrief
CVE-2024-57940 Siemens CVE debrief
CVE-2024-57940 describes a denial-of-service condition in exfat_readdir() where a corrupted exFAT filesystem can trigger an infinite loop. In the reported scenario, a cluster links to itself and an unused directory entry prevents dentry from advancing, so the loop condition never terminates. The result can be that s_lock is never released and other tasks, such as exfat_sync_fs(), hang. The supplied CISA advisory maps this issue to Siemens SIMATIC S7-1500 TM MFP - BIOS and states that no fix is currently available.
- Vendor
- Siemens
- Product
- SIMATIC S7-1500 TM MFP - BIOS
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-03-11
- Original CVE updated
- 2025-09-09
- Advisory published
- 2025-03-11
- Advisory updated
- 2025-09-09
Who should care
Siemens SIMATIC S7-1500 TM MFP - BIOS operators, OT/ICS administrators, system integrators, and anyone responsible for software or removable-media handling on affected industrial systems should review this issue. Because the impact is loss of availability, teams that rely on uninterrupted filesystem and sync behavior should pay particular attention.
Technical summary
The advisory text says a corrupted exFAT filesystem can form a self-referential cluster chain. If an unused directory entry is present in that cluster, dentry may not increment in exfat_readdir(), defeating the loop bound check (dentry < max_dentries) and creating an infinite loop. The lock s_lock remains held during the hang, which can block other filesystem operations. The supplied CVSS vector reflects local attack conditions and availability impact only: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Defensive priority
Medium. The published CVSS score is 5.5, but the operational impact can be significant in OT environments because the bug can hang filesystem activity and other tasks. Prioritize if the affected Siemens product is in active use or if untrusted/corrupted storage can be introduced.
Recommended defensive actions
- Review Siemens advisory SSA-503939 and CISA advisory ICSA-25-072-03 for the current affected-product and remediation status.
- Plan for operational mitigation now, because the supplied advisory says no fix is currently available.
- Apply the listed workaround: only build and run applications from trusted sources.
- Follow CISA ICS recommended practices and defense-in-depth guidance to reduce the impact of local hangs and limit exposure of critical OT assets.
- Monitor Siemens and CISA updates for a vendor fix or revised guidance before making any change-control decisions.
Evidence notes
The supplied source corpus is a CISA CSAF advisory published on 2025-03-11 and modified on 2025-09-09. It identifies Siemens SIMATIC S7-1500 TM MFP - BIOS as the affected product and provides the issue description, CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, and remediation status. The advisory states that no fix is available and gives a trusted-sources workaround. No KEV listing was supplied for this CVE.
Official resources
-
CVE-2024-57940 CVE record
CVE.org
-
CVE-2024-57940 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed in CISA CSAF advisory ICSA-25-072-03 on 2025-03-11; the advisory was modified on 2025-09-09. The supplied data does not indicate a KEV listing for this CVE.