PatchSiren cyber security CVE debrief
CVE-2025-69418 Siemens CVE debrief
A cryptographic vulnerability in OpenSSL's low-level OCB API affects the Siemens SIMATIC S7-1500 TM MFP GNU/Linux subsystem. When using hardware-accelerated code paths (AES-NI), inputs with lengths not divisible by 16 bytes leave trailing 1-15 bytes unencrypted and unauthenticated. The root cause is that the hardware-accelerated stream path processes full 16-byte blocks without advancing input/output pointers, causing tail-handling code to reprocess buffer beginnings while leaving actual trailing bytes untouched. The authentication checksum similarly excludes true tail bytes. This exposes cleartext data and allows undetected tampering with trailing bytes. Higher-level EVP API users and TLS are unaffected, as are FIPS modules (OCB is not FIPS-approved). The vulnerability requires direct calls to CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() with non-block-aligned lengths. Siemens has not released a patch; mitigations focus on access restriction and trusted application sourcing.
- Vendor: Siemens
- Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS: MEDIUM 4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
- Operators of Siemens SIMATIC S7-1500 TM MFP systems utilizing the GNU/Linux subsystem
- Developers implementing custom cryptographic solutions with OpenSSL's low-level OCB API
- Industrial control system security teams managing embedded Linux environments
- Compliance officers tracking cryptographic implementation vulnerabilities in OT environments
Technical summary
The vulnerability resides in OpenSSL's hardware-accelerated OCB implementation. When CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() is called directly with input lengths not aligned to 16 bytes, the AES-NI code path processes full blocks but fails to advance pointers. Subsequent tail processing operates on original base pointers, reprocessing initial buffer content while actual trailing bytes remain unencrypted and excluded from authentication. This affects confidentiality and integrity of final partial blocks. The flaw does not manifest in EVP-layer usage or TLS, which handle block/partial-block separation correctly. FIPS modules are unaffected as OCB is non-FIPS. OpenSSL versions 3.6, 3.5, 3.4, 3.3, 3.0, and 1.1.1 are vulnerable; 1.0.2 is not. Siemens has not issued a patch for the SIMATIC S7-1500 TM MFP GNU/Linux subsystem as of the 2026-05-14 advisory modification.
Defensive priority
medium
Recommended defensive actions
- Restrict interactive shell access to the GNU/Linux subsystem to trusted personnel only
- Build and run only applications from trusted sources
- Monitor for vendor security updates from Siemens CERT portal
- Review application code for direct use of CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() with non-block-aligned inputs
- Assess cryptographic implementations for reliance on low-level OCB API versus higher-level EVP interfaces
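One way to carry out the code-review action above, as an added example that is not part of the advisory or of Siemens' or OpenSSL's code: a heuristic scanner that finds direct calls to the two low-level OCB functions in C source and classifies the length argument. The helper names (`audit`, `split_args`, `classify_len`) are hypothetical, the sample source is constructed, and the scanner assumes the four-argument form `(ctx, in, out, len)`.

```python
import re

# Low-level OCB entry points named in the advisory.
OCB_CALL = re.compile(r"\bCRYPTO_ocb128_(encrypt|decrypt)\s*\(")

def split_args(src, start):
    """Split a C argument list starting just after '(' at index start.
    Heuristic: does not understand string literals or comments."""
    args, depth, cur = [], 0, []
    for ch in src[start:]:
        if ch == ")" and depth == 0:
            args.append("".join(cur).strip())
            return args
        if ch == "," and depth == 0:
            args.append("".join(cur).strip())
            cur = []
            continue
        depth += ch in "([{"
        depth -= ch in ")]}"
        cur.append(ch)
    return None  # unbalanced, e.g. truncated source

def classify_len(expr):
    """Classify the length argument (assumed 4th parameter, size_t len)."""
    try:
        n = int(expr.rstrip("uUlL"), 0)
    except ValueError:
        return "review"  # not an integer literal: alignment unknown
    return "aligned" if n % 16 == 0 else "unaligned"

def audit(source):
    """Return (line, function, length_expr, verdict) for each direct call."""
    findings = []
    for m in OCB_CALL.finditer(source):
        args = split_args(source, m.end())
        # Skip malformed matches and prototypes such as "..., size_t len);"
        if not args or len(args) != 4 or args[3].startswith("size_t"):
            continue
        line = source.count("\n", 0, m.start()) + 1
        findings.append((line, "CRYPTO_ocb128_" + m.group(1),
                         args[3], classify_len(args[3])))
    return findings

# Constructed sample input, not taken from any real product.
SAMPLE = """\
int seal(OCB128_CONTEXT *ctx, const unsigned char *in, unsigned char *out, size_t n) {
    CRYPTO_ocb128_encrypt(ctx, in, out, 64);
    CRYPTO_ocb128_encrypt(ctx, in, out, 37);
    return CRYPTO_ocb128_decrypt(ctx, buf(in, 1), out, n);
}
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A `review` verdict means the length is computed at run time, so the call site needs a manual check of whether it can ever be a non-multiple of 16.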
Evidence notes
CVE published 2024-04-09 per CISA CSAF advisory ICSA-24-102-01. Modified 2026-05-14. Siemens CSAF advisory SSA-265688 cross-referenced. CVSS 4.0 (Medium) from source. No KEV listing.
Official resources
- CVE-2025-69418 CVE record (CVE.org)
- CVE-2025-69418 NVD detail (NVD)
- Source item URL (cisa_csaf)