PatchSiren cyber security CVE debrief
CVE-2024-57996 Siemens CVE debrief
CVE-2024-57996 is a local denial-of-service issue in the Linux net_sched sch_sfq path that Siemens reported for specific SIMATIC S7-1500 CPU models with an additional GNU/Linux subsystem. The advisory says an incorrectly handled packet limit of 1 can trigger an array-index-out-of-bounds condition and crash when queue length is decremented for an empty slot. Siemens/CISA list no fix as available at publication time and recommend restricting access to the subsystem shell and only running trusted applications.
- Vendor
- Siemens
- Product
- SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-06-10
- Original CVE updated
- 2026-05-14
- Advisory published
- 2025-06-10
- Advisory updated
- 2026-05-14
Who should care
Industrial automation teams, OT/ICS operators, and administrators responsible for the affected Siemens SIMATIC S7-1500 CPU models, especially where the additional GNU/Linux subsystem is used or its interactive shell is accessible.
Technical summary
The source advisory attributes the issue to net_sched: sch_sfq, where a packet limit of 1 is handled incorrectly. Under the described condition, queue bookkeeping can reach an empty slot and a queue-length decrement can cause an array-index-out-of-bounds error, leading to a crash. The advisory assigns CVSS 3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating a local availability impact rather than confidentiality or integrity impact. Affected products are the listed Siemens SIMATIC S7-1500 CPU 1518-4/1518F-4 PN/DP MFP variants and the SIPLUS variant named in the CSAF advisory.
Defensive priority
Medium. The flaw is local and availability-focused, but it affects industrial control hardware and the advisory states no fix is available, so mitigations and access control deserve prompt attention.
Recommended defensive actions
- Restrict access to the interactive shell of the additional GNU/Linux subsystem to trusted personnel only.
- Only build and run applications from trusted sources on the affected devices.
- Limit which users can reach or use the subsystem and review whether the GNU/Linux subsystem is needed at all in your deployment.
- Track Siemens ProductCERT / CISA advisory updates for any future remediation guidance.
- Validate that affected SIMATIC S7-1500 CPU models listed in the advisory are present in your asset inventory and prioritize them for compensating controls.
Evidence notes
Directly supported by the supplied CISA CSAF source item and referenced Siemens advisory: the issue is described as a net_sched/sch_sfq packet-limit-1 handling flaw causing an array-index-out-of-bounds and crash; the affected products are the five listed Siemens SIMATIC S7-1500 CPU variants; remediations include restricting shell access and trusting application sources; the advisory also states that no fix is currently available. Timing context uses the supplied CVE/source publication date of 2025-06-10 and latest source modification date of 2026-05-14.
Official resources
-
CVE-2024-57996 CVE record
CVE.org
-
CVE-2024-57996 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed through the CISA/Siemens advisory on 2025-06-10; the supplied advisory history shows later republication updates through 2026-05-14, with no fix available noted in the advisory data.