PatchSiren cyber security CVE debrief
CVE-2024-57981 Siemens CVE debrief
CVE-2024-57981 is a medium-severity availability vulnerability described as a NULL pointer dereference in xHCI command-abort handling. The advisory was published on 2025-03-11 and later updated on 2025-09-09. In the supplied CSAF advisory, Siemens maps the issue to SIMATIC S7-1500 TM MFP - BIOS and states that no fix is currently available.
- Vendor
- Siemens
- Product
- SIMATIC S7-1500 TM MFP - BIOS
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-03-11
- Original CVE updated
- 2025-09-09
- Advisory published
- 2025-03-11
- Advisory updated
- 2025-09-09
Who should care
Organizations operating the affected Siemens SIMATIC S7-1500 TM MFP - BIOS environment, especially teams responsible for OT asset management, system hardening, and maintenance planning, should review this advisory. Security teams should also care if they rely on local privilege boundaries or assume command-abort stability in USB/xHCI-related paths.
Technical summary
The advisory describes a race/logic flaw in xHCI ring handling during command aborts. If a command reaches the final usable TRB in a ring segment, the enqueue pointer advances to the next link TRB. If that command is later aborted, abort completion advances the dequeue pointer to the first TRB of the next segment. When no new commands are queued, xhci_handle_stopped_cmd_ring() can misread the ring state as having a pending command and call xhci_mod_cmd_timer() with cur_cmd == NULL, leading to a NULL pointer dereference and denial of service. The supplied CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Defensive priority
Medium. The issue is locally reachable, requires low privileges, and impacts availability only, but it can still create a crash/DoS condition in an OT-adjacent platform where stability matters.
Recommended defensive actions
- Track Siemens product-cert and CISA advisory updates for the affected product.
- Plan for maintenance windows and recovery procedures because the advisory states that no fix is available at publication.
- Apply vendor guidance and reduce exposure to untrusted local code execution or low-privilege access where feasible.
- Use defense-in-depth controls for industrial systems, including least privilege and trusted-software-only practices.
- Validate whether the affected SIMATIC S7-1500 TM MFP - BIOS component is present in your environment before prioritizing remediation.
Evidence notes
The debrief is based only on the supplied CISA CSAF advisory and linked official references. The advisory text explicitly describes the xHCI NULL pointer dereference, maps the CVE to Siemens SIMATIC S7-1500 TM MFP - BIOS, and lists remediation as "Currently no fix is available." The CVSS vector in the source indicates local, low-privilege, no-user-interaction availability impact only. The source corpus also includes a Siemens product-security JSON and HTML advisory plus the CISA ICS advisory for corroboration.
Official resources
-
CVE-2024-57981 CVE record
CVE.org
-
CVE-2024-57981 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Public advisory published 2025-03-11 and updated 2025-09-09. The source corpus does not list an available fix at publication time.