PatchSiren cyber security CVE debrief
CVE-2025-69421 Siemens CVE debrief
A NULL pointer dereference vulnerability exists in OpenSSL's PKCS12_item_decrypt_d2i_ex() function when processing malformed PKCS#12 files. The function fails to validate whether the oct parameter is NULL before dereferencing it. When PKCS12_unpack_p7encdata() processes a malformed PKCS#12 file, the value it passes for this parameter can be NULL, and the dereference crashes the process. The vulnerability is confined to Denial of Service and cannot be leveraged for code execution or memory disclosure. Attackers must supply a malformed PKCS#12 file to a vulnerable application to trigger the issue. OpenSSL versions 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1, and 1.0.2 are affected. The FIPS modules in versions 3.6, 3.5, 3.4, 3.3, and 3.0 are not affected because the PKCS#12 implementation falls outside the FIPS module boundary. The Siemens SIMATIC S7-1500 TM MFP GNU/Linux subsystem is identified as an affected product. The issue was published on 2024-04-09 and last modified on 2026-05-14.
- Vendor: Siemens
- Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations running Siemens SIMATIC S7-1500 TM MFP with GNU/Linux subsystem, industrial control system operators using affected OpenSSL versions, and security teams managing PKCS#12 certificate processing pipelines.
Technical summary
The PKCS12_item_decrypt_d2i_ex() function in OpenSSL lacks NULL pointer validation for the oct parameter. When a malformed PKCS#12 file is processed through PKCS12_unpack_p7encdata(), a NULL dereference occurs and the application crashes. Impact is limited to availability (DoS), with no confidentiality or integrity impact. CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.
Defensive priority
medium
Recommended defensive actions
- Restrict access to the GNU/Linux subsystem interactive shell to trusted personnel only
- Build and run applications exclusively from trusted sources
- Monitor for application crashes when processing PKCS#12 files
- Apply vendor patches when available for affected OpenSSL versions
- Validate PKCS#12 file integrity before processing in critical applications
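One way to implement the crash-monitoring and validation actions above against the failure mode in the technical summary, as an added example that is not part of the advisory or of OpenSSL's code: parse untrusted PKCS#12 input in a disposable child process, so a NULL dereference inside the native library becomes a reported signal-kill of the child rather than an outage of the calling service. The parser callable is assumed to be something like a wrapper around cryptography's pkcs12.load_key_and_certificates (which links against OpenSSL); the simulate_null_deref stand-in and the sample bytes are constructed for illustration.

```python
import multiprocessing as mp
import os
import signal

# Constructed sample: a truncated DER blob standing in for a malformed PKCS#12 file.
SAMPLE_MALFORMED_P12 = b"\x30\x03\x02\x01\x03"


def simulate_null_deref(data):
    """Constructed stand-in for a native crash: a NULL dereference inside the
    library kills the process with SIGSEGV, exactly as this does."""
    os.kill(os.getpid(), signal.SIGSEGV)


def _worker(parser, data, conn):
    # Runs in the child. A Python exception (bad ASN.1 etc.) is reported back;
    # a native crash never reaches the except clause and shows up as a signal.
    try:
        parser(data)
        conn.send(("ok", None))
    except Exception as exc:
        conn.send(("error", repr(exc)))
    finally:
        conn.close()


def parse_p12_isolated(parser, data, timeout=5.0):
    """Run parser(data) in a forked child and classify the outcome.

    Returns (status, detail): 'ok', 'error' (parser raised cleanly),
    'crashed' (child killed by a signal such as SIGSEGV), or 'timeout'.
    In production, parser would wrap e.g.
    cryptography.hazmat.primitives.serialization.pkcs12.load_key_and_certificates.
    """
    ctx = mp.get_context("fork")  # Unix only; fork keeps the callable usable
    parent, child = ctx.Pipe(duplex=False)
    proc = ctx.Process(target=_worker, args=(parser, data, child))
    proc.start()
    child.close()  # parent must drop its copy so recv() sees EOF on child death
    proc.join(timeout)
    if proc.is_alive():
        proc.kill()
        proc.join()
        return ("timeout", None)
    if proc.exitcode is not None and proc.exitcode < 0:
        # Negative exit code: the child died from a signal. Log and reject the file.
        return ("crashed", signal.Signals(-proc.exitcode).name)
    try:
        return parent.recv()
    except EOFError:
        return ("unknown", f"exit code {proc.exitcode}")
```

A 'crashed' result for a PKCS#12 file is exactly the condition the monitoring action above asks for, and it is the cue to quarantine the file and alert rather than retry.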
Evidence notes
The vulnerability description is sourced from CISA CSAF advisory ICSA-24-102-01, which references Siemens security advisory SSA-265688. The advisory confirms affected OpenSSL versions and FIPS module exclusions. Siemens product identification comes from CSAF product tree with high confidence.
Official resources
- CVE-2025-69421 CVE record (CVE.org)
- CVE-2025-69421 NVD detail (NVD)
- Source item: cisa_csaf