PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-58072 Siemens CVE debrief

A vulnerability in the rtlwifi Linux kernel Wi-Fi driver, specifically the removal of an unused check_buddy_priv function, affects Siemens SIMATIC S7-1500 TM MFP industrial control systems that include a GNU/Linux subsystem. The vulnerability was published on April 9, 2024, and carries a CVSS 3.1 score of 6.4 (MEDIUM severity). The attack vector is local, requiring high privileges and high attack complexity, with no user interaction needed. Successful exploitation could result in high impacts to confidentiality, integrity, and availability. The vulnerability stems from CWE-20 (Improper Input Validation). No patch is currently available from the vendor.

Vendor
Siemens
Product
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
CVSS
MEDIUM 6.4
CISA KEV
Not listed in stored evidence
Original CVE published
2024-04-09
Original CVE updated
2026-05-14
Advisory published
2024-04-09
Advisory updated
2026-05-14

Who should care

Organizations operating Siemens SIMATIC S7-1500 TM MFP industrial controllers with the GNU/Linux subsystem enabled, particularly in critical infrastructure environments. Security teams responsible for OT/ICS environments, system integrators deploying these controllers, and compliance officers tracking unpatched vulnerabilities in industrial assets should prioritize this issue for risk assessment and compensating control implementation.

Technical summary

This vulnerability exists in the rtlwifi Linux kernel Wi-Fi driver related to the removal of an unused check_buddy_priv function. The issue affects the GNU/Linux subsystem included in Siemens SIMATIC S7-1500 TM MFP industrial controllers. Exploitation requires local access with high privileges and high attack complexity, but successful exploitation could lead to complete compromise of confidentiality, integrity, and availability of the affected system. No software patch is currently available; mitigation relies on access controls and operational security practices.

Defensive priority

Medium

Recommended defensive actions

  • Restrict interactive shell access to the GNU/Linux subsystem to trusted personnel only
  • Only build and run applications from trusted sources
  • Monitor for future security updates from Siemens for this product
  • Apply defense-in-depth strategies for industrial control systems per CISA guidance
  • Review and implement ICS-CERT recommended practices for securing industrial control systems

Evidence notes

The vulnerability description indicates this is a Linux kernel Wi-Fi driver issue (rtlwifi: remove unused check_buddy_priv). The CVSS vector (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) confirms local attack vector with high privileges required. Siemens has confirmed no fix is available as of the last advisory update. The affected product is specifically the GNU/Linux subsystem component of the SIMATIC S7-1500 TM MFP industrial controller.

Official resources

This CVE was disclosed through CISA's ICS advisory program (ICSA-24-102-01) on April 9, 2024, with subsequent advisory updates through September 2025 adding related CVEs to the same product security notice.