PatchSiren cyber security CVE debrief
CVE-2024-58085 Siemens CVE debrief
CVE-2024-58085 is a medium-severity vulnerability (CVSS 5.5) affecting the TOMOYO Linux security module's tomoyo_write_control() function. The issue involves improper input validation that could allow a local attacker to cause denial of service conditions. The vulnerability was published on April 9, 2024, and affects Siemens SIMATIC S7-1500 TM MFP industrial control systems running the GNU/Linux subsystem. CISA issued advisory ICSA-24-102-01 for this vulnerability. Siemens has not released a patch; mitigation requires restricting interactive shell access to trusted personnel and only running applications from trusted sources.
- Vendor: Siemens
- Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Industrial control system operators, OT security teams, and organizations using Siemens SIMATIC S7-1500 TM MFP programmable logic controllers with the GNU/Linux subsystem extension should prioritize this vulnerability. The affected product is used in manufacturing and critical infrastructure environments where availability is paramount. Security teams responsible for Linux kernel hardening on embedded industrial systems, as well as compliance officers tracking CISA ICS advisories, should monitor for vendor patches and implement recommended mitigations.
Technical summary
CVE-2024-58085 is an input validation vulnerability in the TOMOYO Linux security module's tomoyo_write_control() function. The flaw allows a local attacker with low privileges to trigger conditions that may cause denial of service. The vulnerability stems from improper handling of certain inputs, which causes warnings to be emitted. Affected systems include Siemens SIMATIC S7-1500 TM MFP devices with the GNU/Linux subsystem. The CVSS 3.1 score of 5.5 reflects a local attack vector, low attack complexity, and high availability impact, with no confidentiality or integrity effects. No patch is currently available from Siemens.
Defensive priority
medium
Recommended defensive actions
- Restrict interactive shell access to the GNU/Linux subsystem on affected Siemens SIMATIC S7-1500 TM MFP devices to trusted personnel only
- Only build and execute applications from trusted, verified sources on affected systems
- Monitor for anomalous local process behavior or unexpected system warnings that may indicate exploitation attempts
- Apply vendor patches when Siemens releases updates for this vulnerability
- Implement network segmentation to limit access to industrial control systems running the affected GNU/Linux subsystem
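One way to implement the monitoring action above, as an added example (not code from Siemens, CISA or the TOMOYO project). It assumes the warning reaches the kernel log as a standard timestamped WARNING block whose call trace names tomoyo_write_control(); the sample log is constructed, and find_tomoyo_warnings is a hypothetical name.

```python
import re

# Constructed sample kernel log (not from a real device): one unrelated
# WARNING and one whose call trace passes through tomoyo_write_control().
SAMPLE_LOG = """\
[  101.000002] WARNING: CPU: 0 PID: 812 at example/driver.c:42 example_probe+0x10/0x20
[  101.000003] CPU: 0 PID: 812 Comm: modprobe Not tainted 6.1.0 #1
[  101.000004] Call Trace:
[  101.000005]  example_probe+0x10/0x20
[  101.000006] ---[ end trace 0000000000000000 ]---
[  245.500002] WARNING: CPU: 1 PID: 4321 at example/alloc.c:10 example_alloc+0x1/0x2
[  245.500003] CPU: 1 PID: 4321 Comm: writer Not tainted 6.1.0 #1
[  245.500004] Call Trace:
[  245.500005]  example_alloc+0x1/0x2
[  245.500006]  tomoyo_write_control+0x1b0/0x3c0
[  245.500008] ---[ end trace 0000000000000000 ]---
"""

STAMP = re.compile(r"^\[\s*(\d+\.\d+)\]\s?(.*)$")
WARN = re.compile(r"WARNING: CPU: \d+ PID: (\d+) at (\S+)")
COMM = re.compile(r"\bComm: (\S+)")
FRAME = re.compile(r"^\s*(?:\? )?([A-Za-z_][\w.]*)\+0x")

def find_tomoyo_warnings(log_text, target="tomoyo_write_control"):
    """Return one dict per WARNING block whose call trace contains `target`."""
    hits, cur = [], None

    def close(block):
        if block and target in block["frames"]:
            hits.append(block)

    for raw in log_text.splitlines():
        m = STAMP.match(raw)
        if not m:
            continue
        msg = m.group(2)
        if (w := WARN.match(msg)):
            close(cur)  # previous block had no end marker
            cur = {"time": float(m.group(1)), "pid": int(w.group(1)),
                   "site": w.group(2), "comm": None, "frames": []}
        elif cur and msg.startswith("---[ end trace"):
            close(cur)
            cur = None
        elif cur and cur["comm"] is None and (c := COMM.search(msg)):
            cur["comm"] = c.group(1)
        elif cur and (f := FRAME.match(msg)):
            cur["frames"].append(f.group(1))
    close(cur)  # log truncated before the end marker
    return hits
```

Each hit carries the PID and command name of the local process that triggered the warning, which is what an alert on the affected GNU/Linux subsystem needs for follow-up.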
Evidence notes
The vulnerability description indicates this is a Linux kernel TOMOYO security module issue where tomoyo_write_control() improperly handles certain inputs, potentially leading to warning emissions that could be exploited for denial of service. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) confirms a local attack vector with low attack complexity, requiring low privileges but resulting in high availability impact.
Official resources
- CVE-2024-58085 CVE record (CVE.org)
- CVE-2024-58085 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)