PatchSiren cyber security CVE debrief
CVE-2024-57986 Siemens CVE debrief
CVE-2024-57986 is a vulnerability in the Linux kernel's HID (Human Interface Device) core subsystem. The flaw stems from an incorrect assumption that Resolution Multipliers must be located within Logical Collections in HID report descriptors. This assumption can lead to improper input handling and potential denial of service conditions when processing malformed HID reports. The vulnerability was published on April 9, 2024, and affects Siemens SIMATIC S7-1500 TM MFP industrial control systems through their GNU/Linux subsystem. CISA has issued advisory ICSA-24-102-01 covering this vulnerability. The CVSS 3.1 score of 5.5 (MEDIUM) reflects local attack vector, low attack complexity, low privileges required, and high availability impact with no confidentiality or integrity impact. No fix is currently available from the vendor.
- Vendor
- Siemens
- Product
- SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2026-05-14
- Advisory published
- 2024-04-09
- Advisory updated
- 2026-05-14
Who should care
Organizations operating Siemens SIMATIC S7-1500 TM MFP industrial control systems with the GNU/Linux subsystem enabled. OT security teams, ICS asset owners, and critical infrastructure operators in manufacturing, energy, and process industries should prioritize access controls given the absence of an available patch. System integrators and maintenance personnel with interactive shell access to these devices are particularly relevant to the attack surface. CISA's advisory indicates this affects industrial environments where defense-in-depth strategies are essential.
Technical summary
The vulnerability exists in the HID (Human Interface Device) core implementation in the Linux kernel. The code incorrectly assumes that Resolution Multiplier features must always be contained within Logical Collections in HID report descriptors. When HID reports contain Resolution Multipliers outside of Logical Collections, the kernel's input handling may behave unexpectedly, potentially causing system instability or denial of service. This affects the GNU/Linux subsystem on Siemens SIMATIC S7-1500 TM MFP programmable logic controllers. The vulnerability requires local access and low privileges to exploit, with impact limited to availability (no confidentiality or integrity impact per CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Defensive priority
medium
Recommended defensive actions
- Limit access to the interactive shell of the additional GNU/Linux subsystem to trusted personnel only
- Only build and run applications from trusted sources
- Monitor for vendor security updates from Siemens CERT portal
- Apply defense-in-depth strategies for industrial control systems per CISA guidance
- Review and implement ICS-CERT recommended practices for securing industrial control systems
Evidence notes
Vulnerability description and affected product information derived from CISA CSAF advisory ICSA-24-102-01. CVSS vector confirms local attack vector with availability impact. Vendor remediation status explicitly states 'Currently no fix is available'.
Official resources
-
CVE-2024-57986 CVE record
CVE.org
-
CVE-2024-57986 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-04-09