PatchSiren cyber security CVE debrief
CVE-2025-38342 Siemens CVE debrief
CVE-2025-38342 is a Linux kernel software-node bounds-check flaw that can let malformed property data trigger out-of-bounds access in software_node_get_reference_args(). In the supplied advisory corpus, CISA and Siemens map the issue to several SIMATIC S7-1500 CPU family products and state that no fix is available in the referenced release, so operators should rely on mitigations and access restrictions until vendor guidance changes.
- Vendor: Siemens
- Product: SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
- CVSS: HIGH 7.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-06-10
- Original CVE updated: 2026-05-14
- Advisory published: 2025-06-10
- Advisory updated: 2026-05-14
Who should care
OT/ICS operators, plant engineers, and security teams responsible for the affected Siemens SIMATIC S7-1500 CPU family, especially deployments using the GNU/Linux subsystem or local application access paths called out in the advisory.
Technical summary
The vulnerability is described as an incorrect out-of-bounds length check in software_node_get_reference_args(). The function is intended to fetch the @index-th element of a property, but the existing check does not guarantee that the property buffer is large enough for '(index + 1) * sizeof(*ref)' bytes. On malformed input, this can permit out-of-bounds access; the described fix changes the check to '((index + 1) * sizeof(*ref) > prop->length)'. The supplied CVSS 3.1 vector is AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H, indicating a local issue with high confidentiality and availability impact.
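The difference between the two checks, as an added userspace C model (not code from the advisory or from the kernel source). The struct ref_model layout and the pre-fix comparison 'index * sizeof(*ref) >= prop->length' are assumptions made for illustration; only the corrected comparison is quoted in the advisory text.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in for the kernel's reference element; the field layout is
 * hypothetical, only sizeof(struct ref_model) matters here. */
struct ref_model {
    const void *node;
    unsigned int nargs;
    unsigned long long args[8];
};

/* Assumed pre-fix check (not quoted on the page): it only proves that
 * the FIRST byte of element `index` lies inside the property buffer. */
static int accepts_prefix_check(size_t index, size_t prop_length)
{
    return !(index * sizeof(struct ref_model) >= prop_length);
}

/* Check quoted in the advisory text: the whole element must fit. */
static int accepts_fixed_check(size_t index, size_t prop_length)
{
    return !((index + 1) * sizeof(struct ref_model) > prop_length);
}

/* Bytes of element `index` that would lie past the end of the buffer. */
static size_t bytes_past_end(size_t index, size_t prop_length)
{
    size_t end = (index + 1) * sizeof(struct ref_model);
    return end > prop_length ? end - prop_length : 0;
}

int main(void)
{
    /* Constructed malformed property: one full element plus 4 stray bytes. */
    size_t len = sizeof(struct ref_model) + 4;

    for (size_t i = 0; i < 3; i++) {
        int old_ok = accepts_prefix_check(i, len);
        printf("index %zu: pre-fix accepts=%d fixed accepts=%d overrun=%zu bytes\n",
               i, old_ok, accepts_fixed_check(i, len),
               old_ok ? bytes_past_end(i, len) : (size_t)0);
    }
    return 0;
}
```

Both checks agree whenever the property length is an exact multiple of the element size; they differ only for a trailing partial element, which is the malformed case the advisory describes.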
Defensive priority
High. The CVSS score is 7.1 and the advisory context is industrial control equipment, where even local memory-safety flaws can matter if an attacker gains interactive access or can run untrusted software on the affected subsystem. Treat this as a prompt to tighten access and watch for a vendor patch or revised guidance.
Recommended defensive actions
- Inventory all affected Siemens SIMATIC S7-1500 CPU family products in scope and confirm whether the GNU/Linux subsystem is enabled or exposed.
- Restrict interactive shell access to trusted personnel only, consistent with the advisory remediation.
- Only build and run applications from trusted sources on affected systems.
- Apply least-privilege controls for local access and review who can obtain shell or application execution rights on the affected subsystem.
- Monitor Siemens ProductCERT and CISA advisory updates for the availability of a fix or revised mitigation guidance.
Evidence notes
The supplied corpus identifies CVE-2025-38342 in CISA CSAF ICSA-25-162-05 and Siemens SSA-082556. The advisory describes an OOB check error in software_node_get_reference_args(), lists five affected Siemens product identifiers, assigns CVSS 3.1 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H), and includes remediation text stating that no fix is currently available in the provided record.
Official resources
- CVE-2025-38342 CVE record (CVE.org)
- CVE-2025-38342 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
The supplied CVE record was published on 2025-06-10 and last modified on 2026-05-14. The corresponding CISA CSAF advisory shares the same initial publication date and shows later republished updates; no KEV listing is present in the given/t