PatchSiren cyber security CVE debrief
CVE-2024-58020 Siemens CVE debrief
CVE-2024-58020 is a NULL pointer dereference vulnerability in the Linux kernel's HID multitouch driver, specifically in the `mt_input_configured` function. The vulnerability was published on April 9, 2024, and affects Siemens SIMATIC S7-1500 TM MFP industrial control systems through their GNU/Linux subsystem. The flaw occurs because the multitouch input configuration code dereferences a pointer without first validating it, which can lead to a local denial-of-service condition. With a CVSS 3.1 score of 5.5 (MEDIUM), exploitation requires local access and low privileges; there is no impact to confidentiality or integrity, but the availability impact is high. Siemens has not released a patch as of the last advisory update on May 14, 2026. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog, and no known ransomware campaigns have been associated with it. Organizations should apply the documented mitigations until a permanent fix becomes available.
- Vendor: Siemens
- Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS: 5.5 (MEDIUM)
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations operating Siemens SIMATIC S7-1500 TM MFP systems in industrial environments, OT security teams, critical infrastructure operators, and asset owners following IEC 62443 security practices should prioritize this vulnerability for mitigation planning.
Technical summary
A missing NULL check in the Linux kernel's HID multitouch driver function `mt_input_configured` can trigger a NULL pointer dereference when processing multitouch input configuration. This results in a local denial-of-service condition. The vulnerability affects the GNU/Linux subsystem on Siemens SIMATIC S7-1500 TM MFP programmable logic controllers. Exploitation requires local access with low privileges. No patch is currently available; mitigation relies on access controls and trusted application execution.
Defensive priority
medium
Recommended defensive actions
- Restrict interactive shell access to the GNU/Linux subsystem to trusted personnel only
- Build and execute only applications from trusted sources
- Monitor for future Siemens security advisories regarding patch availability
- Apply defense-in-depth strategies for industrial control systems per CISA guidance
Evidence notes
Vulnerability description sourced from CISA CSAF advisory ICSA-24-102-01 and Siemens security advisory SSA-265688. CVSS vector confirms local attack vector with low attack complexity. Remediation status confirmed as 'none_available' in source advisory with last update May 14, 2026.
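To automate the "monitor for advisory updates" action above, here is an added example (not part of this debrief, nor Siemens' or CISA's own tooling) that reads a CSAF 2.0 advisory and reports, per affected product, whether a vendor fix or only interim mitigations exist for the CVE. The embedded advisory is a constructed sample that borrows only the advisory id from this page; the field names follow the CSAF 2.0 schema.

```python
import json

# Constructed sample in CSAF 2.0 layout; advisory id is from this page, the rest is invented.
SAMPLE_CSAF = json.dumps({
    "document": {"tracking": {"id": "ICSA-24-102-01",
                              "current_release_date": "2026-05-14T00:00:00Z"}},
    "product_tree": {"full_product_names": [
        {"product_id": "CSAFPID-0001",
         "name": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem"}]},
    "vulnerabilities": [{
        "cve": "CVE-2024-58020",
        "product_status": {"known_affected": ["CSAFPID-0001"]},
        "remediations": [
            {"category": "none_available", "details": "No fix available yet",
             "product_ids": ["CSAFPID-0001"]},
            {"category": "mitigation", "details": "Restrict shell access",
             "product_ids": ["CSAFPID-0001"]}]}]})

FIX_CATEGORIES = {"vendor_fix"}                    # a vendor-supplied fix exists
INTERIM_CATEGORIES = {"mitigation", "workaround"}  # stop-gaps, not fixes

def remediation_status(csaf_json: str, cve: str) -> dict:
    """Per affected product: does the advisory offer a fix or only interim measures?"""
    doc = json.loads(csaf_json)
    names = {p["product_id"]: p["name"]
             for p in doc.get("product_tree", {}).get("full_product_names", [])}
    status = {"advisory": doc["document"]["tracking"]["id"],
              "updated": doc["document"]["tracking"]["current_release_date"],
              "products": {}}
    fresh = lambda: {"fix_available": False, "mitigations": []}
    for vuln in doc.get("vulnerabilities", []):
        if vuln.get("cve") != cve:
            continue  # advisories often bundle several CVEs; keep only ours
        for pid in vuln.get("product_status", {}).get("known_affected", []):
            status["products"][names.get(pid, pid)] = fresh()
        for rem in vuln.get("remediations", []):
            for pid in rem.get("product_ids", []):
                entry = status["products"].setdefault(names.get(pid, pid), fresh())
                if rem.get("category") in FIX_CATEGORIES:
                    entry["fix_available"] = True
                elif rem.get("category") in INTERIM_CATEGORIES:
                    entry["mitigations"].append(rem.get("details", ""))
    return status

def fix_available(csaf_json: str, cve: str) -> bool:
    """True only when every affected product has a vendor fix; False if the CVE
    is absent from the advisory or any product still lacks one."""
    products = remediation_status(csaf_json, cve)["products"]
    return bool(products) and all(p["fix_available"] for p in products.values())
```

Run it against each new release of the advisory and alert when `fix_available` flips to True; a CVE missing from the document is reported as unfixed rather than silently ignored.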
Official resources
- CVE-2024-58020 CVE record (CVE.org)
- CVE-2024-58020 NVD detail (NVD)
- Source item URL (cisa_csaf)