PatchSiren cyber security CVE debrief
CVE-2024-58017 Siemens CVE debrief
A signed integer overflow exists in the Linux kernel printk subsystem, in the definition of the LOG_BUF_LEN_MAX macro (the upper bound on the size of the kernel log ring buffer). The flaw affects the GNU/Linux subsystem of Siemens SIMATIC S7-1500 TM MFP industrial control devices. It is rated MEDIUM with a CVSS 3.1 base score of 5.5: local attack vector, low attack complexity, low privileges required, no user interaction, and a high availability impact with no confidentiality or integrity impact. The advisory was first published on April 9, 2024 and has been updated multiple times since as further vulnerabilities were identified in the same product line. No patch is currently available from the vendor.
- Vendor: Siemens
- Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations operating Siemens SIMATIC S7-1500 TM MFP devices, OT security teams, ICS/SCADA administrators, and critical infrastructure operators should include this vulnerability in risk assessment and mitigation planning. Because exploitation requires local, authenticated access to the device's GNU/Linux subsystem, sites that grant shell access to that subsystem or run third-party applications on it are the most exposed.
Technical summary
The vulnerability is a signed integer overflow in the Linux kernel's printk subsystem, in the definition of the LOG_BUF_LEN_MAX macro rather than in the printk() function itself. The macro shifted a signed int left by 31 bits, which overflows a 32-bit int and is undefined behaviour in C; the upstream fix performs the shift on an unsigned operand instead. The affected kernel runs in the GNU/Linux subsystem of the Siemens SIMATIC S7-1500 TM MFP, a technology module for the S7-1500 PLC family. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) describes a local attacker with low privileges and no user interaction causing a high availability impact (denial of service) with no confidentiality or integrity loss. The flaw is classified as CWE-190 (Integer Overflow or Wraparound). As of the latest advisory update, no vendor patch is available; mitigation relies on restricting access to the Linux subsystem and running only trusted applications on it.
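The following is an added example, not code from the page, from Siemens, or from the kernel tree: it puts the vulnerable shift pattern beside the hardened form and adds the overflow check a reviewer would apply to any signed left shift. The two macro shapes are modelled from memory on the upstream fix, so their exact upstream text is an assumption; `clamp_log_buf_len` is a deliberately simplified illustration of how printk caps the requested log buffer size against LOG_BUF_LEN_MAX, and all function names are my own.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t u32;
typedef uint64_t u64;

/* Vulnerable shape (modelled from memory on the pre-fix upstream macro; the
 * exact upstream text is an assumption). The shift is done on a signed int
 * and only then cast, so 1 << 31 overflows a 32-bit int: undefined behaviour
 * in C, and exactly what CWE-190 describes. Most compilers emit a plain
 * shift and the value "comes out right", which is why it went unnoticed. */
#define LOG_BUF_LEN_MAX_VULN  (u32)(1 << 31)

/* Hardened shape: widen the operand to unsigned before shifting. Shifting an
 * unsigned 1 into bit 31 is well defined and yields 0x80000000. */
#define LOG_BUF_LEN_MAX_FIXED ((u32)1 << 31)

/* Review check for any `value << shift` on a signed operand: it overflows if
 * the shift count is out of range, the value is negative, or the shifted
 * value would exceed INT_MAX. Returns 1 when the shift is unsafe. */
int signed_shift_overflows(int value, int shift)
{
    const int width = (int)(CHAR_BIT * sizeof(int)); /* 32 on Linux targets */
    if (shift < 0 || shift >= width || value < 0)
        return 1;
    return value > (INT_MAX >> shift);
}

/* Same pattern as the vulnerable macro with a runtime shift count, so a
 * caller can stay below the sign bit. Calling it with 31 is the bug: UBSan
 * reports it as a signed-overflow shift. */
u32 len_max_signed_shift(int shift)
{
    return (u32)(1 << shift);
}

u32 log_buf_len_max_fixed(void)
{
    return LOG_BUF_LEN_MAX_FIXED;
}

/* Round up to the next power of two; zero stays zero. Inputs here are at
 * most LOG_BUF_LEN_MAX, so the loop cannot overflow a u64. */
static u64 roundup_pow2(u64 size)
{
    u64 p = 1;
    if (size == 0)
        return 0;
    while (p < size)
        p <<= 1;
    return p;
}

/* Simplified model (not the kernel's function) of how the constant is used:
 * the size requested via log_buf_len= on the kernel command line is capped at
 * LOG_BUF_LEN_MAX and then rounded up to a power of two. */
u64 clamp_log_buf_len(u64 requested)
{
    if (requested > (u64)LOG_BUF_LEN_MAX_FIXED)
        requested = (u64)LOG_BUF_LEN_MAX_FIXED;
    return roundup_pow2(requested);
}

int main(void)
{
    printf("1 << 30 on int overflows? %d\n", signed_shift_overflows(1, 30));
    printf("1 << 31 on int overflows? %d\n", signed_shift_overflows(1, 31));
    printf("LOG_BUF_LEN_MAX (fixed) = 0x%08x\n", log_buf_len_max_fixed());
    printf("log_buf_len=1TiB clamps to %llu bytes\n",
           (unsigned long long)clamp_log_buf_len((u64)1 << 40));
    return 0;
}
```

Compiling with `-fsanitize=undefined` and calling `len_max_signed_shift(31)` is the quickest way to see the original pattern flagged; the fixed macro produces the same numeric bound without relying on undefined behaviour.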
Defensive priority
medium
Recommended defensive actions
- Restrict interactive shell access to the GNU/Linux subsystem to trusted personnel only
- Build and run only applications from trusted sources
- Monitor for future vendor security updates from Siemens
- Apply defense-in-depth strategies for industrial control systems per CISA guidance
- Review and implement ICS-CERT recommended practices for securing industrial control systems
Evidence notes
Vulnerability confirmed in CISA ICS advisory ICSA-24-102-01 and Siemens security advisory SSA-265688. CVSS vector confirms local attack scope with availability impact. CWE-190 (Integer Overflow or Wraparound) classification applies.
Official resources
- CVE-2024-58017 CVE record (CVE.org)
- CVE-2024-58017 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source references (seven further references; link targets not preserved)