PatchSiren

CVE-2024-58005 Siemens CVE debrief

CVE-2024-58005 is a Siemens advisory item for the SIMATIC S7-1500 CPU family that affects several MFP variants. The source advisory describes the issue only briefly, but it assigns a CVSS v3.1 score of 5.5 with a local, low-privilege attack vector and high availability impact. At the time of publication, Siemens reported no fix available, so the immediate defense is to restrict access to the additional GNU/Linux subsystem and only permit trusted applications.

Vendor: Siemens
Product: SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-06-10
Original CVE updated: 2026-05-14
Advisory published: 2025-06-10
Advisory updated: 2026-05-14

Who should care

OT and ICS operators using the affected Siemens SIMATIC S7-1500 CPU 1518-4/1518F-4 PN/DP MFP variants and the SIPLUS variant, especially teams that allow access to the device’s additional GNU/Linux subsystem or its interactive shell.

Technical summary

The advisory ties CVE-2024-58005 to the Siemens SIMATIC S7-1500 CPU family and notes a change to kvalloc() in eventlog/acpi.c. The published CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates a local issue requiring low privileges and no user interaction, with impact limited to availability. The source remediation text specifically calls out limiting interactive shell access in the additional GNU/Linux subsystem and only building/running trusted applications. No vendor fix was available in the cited advisory.

Defensive priority

Medium. The issue is local and requires low privileges, but it can materially affect availability in an OT/ICS context and the advisory states that no fix was available at publication.

Recommended defensive actions

  • Restrict interactive shell access to the additional GNU/Linux subsystem to trusted personnel only.
  • Only build and run applications from trusted sources on affected devices.
  • Apply the Siemens/CISA advisory guidance for the affected SIMATIC S7-1500 CPU MFP variants.
  • Review who has local access and low-privilege accounts on affected systems, since the vulnerability is locally reachable.
  • Monitor Siemens ProductCERT and CISA advisory updates for any future fix or revised mitigation guidance.

Evidence notes

Source evidence comes from the CISA CSAF republication of Siemens advisory SSA-082556 (ICSA-25-162-05), which lists the affected Siemens product variants, the CVSS score of 5.5 with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, and remediations stating that no fix is currently available. The remediation text explicitly mentions limiting access to the interactive shell of the additional GNU/Linux subsystem and only running trusted applications. The source description for this CVE is sparse ('tpm: Change to kvalloc() in eventlog/acpi.c.'), so this debrief avoids inferring unconfirmed exploit mechanics.

Official resources

Published by CISA on 2025-06-10, with the latest cited CISA republication update on 2026-05-14. The advisory states that no fix was available at the time of publication.