PatchSiren cyber security CVE debrief
CVE-2024-6387 Siemens CVE debrief
CVE-2024-6387 is a high-severity OpenSSH server regression that Siemens and CISA associate with selected SIMATIC S7-1500 CPU family products. The issue is a race condition in sshd signal handling that an unauthenticated remote attacker may be able to trigger by failing to authenticate within a set time period. The supplied advisory states that no fix is currently available for the affected Siemens products, so exposure reduction and strict access control are the primary defenses.
- Vendor
- Siemens
- Product
- SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
- CVSS
- HIGH 8.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-06-10
- Original CVE updated
- 2026-05-14
- Advisory published
- 2025-06-10
- Advisory updated
- 2026-05-14
Who should care
OT and ICS operators using the affected Siemens SIMATIC S7-1500 CPU 1518/1518F MFP variants, defenders responsible for the additional GNU/Linux subsystem interactive shell, and teams managing remote access paths into industrial control environments.
Technical summary
The advisory describes a security regression in OpenSSH's server (sshd), linked to CVE-2006-5051, where a race condition can cause unsafe signal handling. The stated trigger is an unauthenticated remote attacker causing repeated authentication failure within a timing window. Siemens' remediation guidance for the affected products focuses on limiting access to the interactive shell of the additional GNU/Linux subsystem to trusted personnel and only building/running applications from trusted sources; the advisory also states that currently no fix is available.
Defensive priority
High priority. Because the issue is remotely triggerable without authentication and the advisory indicates no available fix for the affected Siemens products, organizations should prioritize access restriction, exposure review, and compensating controls.
Recommended defensive actions
- Restrict access to the interactive shell of the additional GNU/Linux subsystem to trusted personnel only.
- Only build and run applications from trusted sources on the affected systems.
- Review whether the affected SIMATIC S7-1500 CPU variants are exposed to untrusted network access paths.
- Apply Siemens and CISA guidance from the linked advisories and monitor for future vendor updates.
- Treat the affected systems as needing compensating controls because the supplied advisory states that no fix is currently available.
Evidence notes
CISA's CSAF advisory ICSA-25-162-05 identifies the affected Siemens SIMATIC S7-1500 CPU family products and records the OpenSSH sshd race condition description. The supplied remediation entries explicitly say to limit interactive-shell access and to use trusted sources only, and they also state that currently no fix is available. The supplied enrichment marks this as not a KEV-listed issue.
Official resources
-
CVE-2024-6387 CVE record
CVE.org
-
CVE-2024-6387 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Published in the supplied source corpus on 2025-06-10 and last updated on 2026-05-14. The advisory history shows later CISA republications based on Siemens ProductCERT SSA-082556. No CISA KEV date is supplied.