CVE-2025-21787 Siemens CVE debrief

Who should care

Organizations operating Siemens SIMATIC S7-1500 TM MFP controllers in industrial environments, particularly those utilizing the GNU/Linux subsystem for custom applications. OT security teams, plant engineers, and asset owners in manufacturing, process control, and critical infrastructure sectors should prioritize access controls given the absence of a security patch.

Technical summary

The vulnerability exists in the GNU/Linux subsystem of the Siemens SIMATIC S7-1500 TM MFP industrial controller. Insufficient validation of TEAM_OPTION_TYPE_STRING parameters can be exploited by a locally authenticated attacker with low privileges to cause a denial-of-service condition. The attack requires no user interaction and has no confidentiality or integrity impact, but results in high availability impact. The CVSS 3.1 vector is AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Defensive priority

medium

Recommended defensive actions

• Restrict interactive shell access to the GNU/Linux subsystem to trusted personnel only
• Only build and run applications from trusted sources
• Monitor for future Siemens security advisories for patch availability
• Apply defense-in-depth strategies for industrial control systems per CISA guidance

Evidence notes

CVE published 2024-04-09 per CISA CSAF source ICSA-24-102-01. Advisory modified 2026-05-14. CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H indicates local attack vector with availability impact. No fix available per remediation data.

Official resources