PatchSiren cyber security CVE debrief
CVE-2025-21776 Siemens CVE debrief
CVE-2025-21776 is a publicly disclosed availability issue that the CISA/Siemens advisory maps to Siemens SIMATIC S7-1500 TM MFP - BIOS. The advisory says a test program can cause usb_hub_to_struct_hub() to dereference a NULL or inappropriate pointer, and it lists no fix at publication time. Because the CVSS vector requires local access and high privileges, the main concern is targeted disruption on affected systems rather than remote compromise.
- Vendor
- Siemens
- Product
- SIMATIC S7-1500 TM MFP - BIOS
- CVSS
- MEDIUM 4.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-03-11
- Original CVE updated
- 2025-09-09
- Advisory published
- 2025-03-11
- Advisory updated
- 2025-09-09
Who should care
Siemens SIMATIC S7-1500 TM MFP - BIOS owners and operators, OT/ICS administrators, and security teams that allow local application or test-program execution on these systems should pay attention. Environments that rely on tightly controlled software provenance should treat the vendor workaround as immediately relevant.
Technical summary
The supplied advisory text describes a USB hub handling flaw in which a test program can trigger usb_hub_to_struct_hub() to dereference a NULL or otherwise inappropriate pointer when presented with non-compliant devices that have too many configurations or interfaces. The stated CVSS vector is CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H, indicating local access, high privileges, no user interaction, and availability-only impact. The remediation section in the source says there is currently no fix available and recommends only building and running applications from trusted sources.
Defensive priority
Medium priority: no fix was available in the source advisory, but exploitation requires local high privileges and the reported impact is availability-focused.
Recommended defensive actions
- Restrict local administrative access on affected Siemens systems and limit who can run applications or test programs.
- Follow the vendor workaround: only build and run applications from trusted sources.
- Monitor the Siemens and CISA advisory pages for a future fix or updated guidance.
- Apply CISA industrial-control-system defense-in-depth and recommended-practices guidance to reduce the impact of local faults and untrusted software.
- Review software provenance and change-control processes for any applications deployed to the affected product line.
Evidence notes
The source corpus is a CISA CSAF advisory (ICSA-25-072-03) published on 2025-03-11 and modified on 2025-09-09. It maps CVE-2025-21776 to Siemens SIMATIC S7-1500 TM MFP - BIOS, states that a test program can cause usb_hub_to_struct_hub() to dereference a NULL or inappropriate pointer, and lists the remediation as "Currently no fix is available" with the workaround "Only build and run applications from trusted sources." The supplied CVSS vector is AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H.
Official resources
-
CVE-2025-21776 CVE record
CVE.org
-
CVE-2025-21776 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed in the CISA/Siemens advisory on 2025-03-11; the advisory was revised on 2025-09-09.