PatchSiren cyber security CVE debrief
CVE-2024-58016 Siemens CVE debrief
CVE-2024-58016 is a medium-severity vulnerability (CVSS 5.5) in the SafeSetID Linux Security Module (LSM) as shipped in the GNU/Linux subsystem of the Siemens SIMATIC S7-1500 TM MFP. The module does not sufficiently validate the size of writes to its policy interface, which a local attacker can use to cause a denial of service. The CVE was published on April 9, 2024 and last modified on May 14, 2026; it is tracked in CISA ICS advisory ICSA-24-102-01, which has been revised several times to add related CVEs through September 2025. Exploitation requires local access with low privileges and no user interaction, so any authenticated user with shell access to the GNU/Linux subsystem is in scope. As of the advisory's latest update Siemens has not released a fix (remediation status 'none_available'). The affected component is the GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP, not the PLC runtime itself. Until a fix is available, organizations should restrict interactive shell access to the subsystem and run only trusted applications on it.
- Vendor: Siemens
- Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations operating Siemens SIMATIC S7-1500 TM MFP systems with the GNU/Linux subsystem enabled, particularly those allowing interactive shell access or custom application deployment. OT security teams, ICS asset owners, and personnel responsible for defense-in-depth strategies in manufacturing and critical infrastructure environments.
Technical summary
The SafeSetID Linux Security Module does not properly validate the size of writes to its policy files, which lets a local user with low privileges trigger a denial-of-service condition in the kernel of the affected system. The vulnerable code runs in the GNU/Linux subsystem of the Siemens SIMATIC S7-1500 TM MFP, an embedded Linux environment that is separate from the PLC runtime. The CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H records a local attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, and a high availability impact with no confidentiality or integrity impact. No software update is currently available from the vendor.
Defensive priority
medium
Recommended defensive actions
- Restrict interactive shell access to the GNU/Linux subsystem to trusted personnel only
- Allow only applications built from trusted sources to run on the subsystem (application whitelisting)
- Monitor for anomalous local activity within the GNU/Linux subsystem
- Apply defense-in-depth strategies per ICS-CERT recommended practices
- Subscribe to Siemens ProductCERT and CISA ICS advisories for patch availability updates
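The following triage script is an added example and is not part of the advisory or of any Siemens tooling. It does not detect CVE-2024-58016 itself (the advisory names no fixed version); it supports the shell-access and trusted-application mitigations above by reporting whether SafeSetID is active on the GNU/Linux subsystem, whether its policy files accept writes from anyone other than their owner, and which accounts hold an interactive login shell. It assumes (these are not stated in the advisory) that securityfs is mounted at the upstream location /sys/kernel/security, that the SafeSetID policy files live under /sys/kernel/security/safesetid, and that the subsystem's stat(1) understands -c '%a'.

```shell
#!/bin/sh
# Added triage script for the GNU/Linux subsystem (not from the advisory).
# Assumptions, not confirmed by the advisory: securityfs at /sys/kernel/security,
# SafeSetID policy files under /sys/kernel/security/safesetid, stat -c '%a' available.
LSM_LIST_FILE="${LSM_LIST_FILE:-/sys/kernel/security/lsm}"
SAFESETID_DIR="${SAFESETID_DIR:-/sys/kernel/security/safesetid}"
PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"

# lsm_has_safesetid LIST: succeeds when "safesetid" appears in LIST, the
# comma-separated set of active LSMs as read from /sys/kernel/security/lsm.
lsm_has_safesetid() {
    case ",$1," in
        *,safesetid,*) return 0 ;;
        *) return 1 ;;
    esac
}

# world_or_group_writable MODE: succeeds when an octal mode such as 0644 or
# 200 grants write permission to group or other, i.e. when a low-privileged
# local account could reach the policy write path through file permissions.
world_or_group_writable() {
    m=$1
    m=${m#"${m%???}"}     # keep the last three digits: owner, group, other
    g=${m%?}; g=${g#?}    # group digit
    o=${m#??}             # other digit
    case "$g$o" in
        *[2367]*) return 0 ;;   # 2, 3, 6 and 7 are the digits with the write bit set
        *) return 1 ;;
    esac
}

# interactive_accounts: reads passwd(5) lines on stdin and prints "user shell"
# for every account whose shell is a real login shell. An empty shell field
# means /bin/sh per passwd(5), so it is reported as interactive.
interactive_accounts() {
    while IFS=: read -r user _pw _uid _gid _gecos _home shell; do
        case "$shell" in
            */nologin|*/false|*/true) ;;
            *) printf '%s %s\n' "$user" "${shell:-/bin/sh}" ;;
        esac
    done
}

# audit_safesetid: runs the three checks against the live system.
audit_safesetid() {
    if [ -r "$LSM_LIST_FILE" ] && lsm_has_safesetid "$(cat "$LSM_LIST_FILE")"; then
        echo "safesetid: active (listed in $LSM_LIST_FILE)"
    else
        echo "safesetid: not listed in $LSM_LIST_FILE (or securityfs not mounted)"
    fi
    for f in "$SAFESETID_DIR"/*; do
        [ -e "$f" ] || continue
        mode=$(stat -c '%a' "$f")
        if world_or_group_writable "$mode"; then
            echo "WARN: $f (mode $mode) is writable by group or other"
        else
            echo "ok:   $f (mode $mode) accepts writes from the owner only"
        fi
    done
    echo "accounts with an interactive shell (review against the access policy):"
    interactive_accounts < "$PASSWD_FILE"
}

# Run the audit only when invoked as: sh safesetid_triage.sh run
if [ "${1:-}" = "run" ]; then
    audit_safesetid
fi
```

Run it as root on the subsystem with `sh safesetid_triage.sh run`; every account the last section lists is one that can reach the local attack vector described in the technical summary and should be justified or removed. The permission check is deliberately conservative: it flags only modes that grant write to group or other, and a clean result there does not mean the kernel is patched.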
Evidence notes
Vulnerability description and CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) confirm local attack vector with availability impact only. CISA CSAF source ICSA-24-102-01 provides authoritative vendor attribution to Siemens and product identification. Remediation status explicitly marked 'none_available' with mitigation guidance for access restriction. Timeline data derived from CVE published/modified dates and CSAF revision history showing ongoing advisory maintenance through Additional Release 9 (2025-09-09).
Official resources
- CVE-2024-58016 CVE record (CVE.org)
- CVE-2024-58016 NVD detail (NVD)
- CISA CSAF source item: ICSA-24-102-01