PatchSiren cyber security CVE debrief
CVE-2026-22795 Siemens CVE debrief
A type confusion vulnerability in PKCS#12 parsing code allows an invalid or NULL pointer dereference when processing malformed PKCS#12 files, resulting in Denial of Service. The vulnerability stems from accessing an ASN1_TYPE union member without first validating the type. The pointer manipulation is constrained to a 1-byte address space (0x00-0xFF), corresponding to the zero page which is unmapped on most modern operating systems, reliably causing crashes. Exploitation requires processing a maliciously crafted PKCS#12 file, which is uncommon in practice as PKCS#12 files typically store trusted private keys. The issue affects OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, and 1.1.1; OpenSSL 1.0.2 and FIPS modules in 3.5, 3.4, 3.3, and 3.0 are not affected. Siemens SIMATIC S7-1500 TM MFP GNU/Linux subsystem is affected. No fix is currently available.
- Vendor: Siemens
- Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations operating Siemens SIMATIC S7-1500 TM MFP systems with GNU/Linux subsystems, particularly in industrial control environments where PKCS#12 files may be processed. Security teams should assess exposure to untrusted PKCS#12 file processing and implement access controls pending vendor fix availability.
Technical summary
The vulnerability exists in OpenSSL's PKCS#12 parsing implementation where ASN1_TYPE union members are accessed without type validation. This causes invalid pointer reads constrained to addresses 0x00-0xFF (the zero page), resulting in reliable crashes on modern operating systems. The attack vector requires local access with user interaction to process a malicious PKCS#12 file. CVSS 3.1: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (5.5 Medium).
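The unchecked union read described above, next to a tag-checked accessor, as an added example that is not OpenSSL or Siemens code. The `demo_*` types and function names are hypothetical, and the sketch assumes for illustration that the stored value is a small scalar (0x00-0xFF) on a little-endian target.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for a tagged ASN.1 value; all names are hypothetical. */
enum demo_tag { DEMO_BOOLEAN = 1, DEMO_OCTET_STRING = 4 };
struct demo_string { size_t length; const unsigned char *data; };
struct demo_type {
    int type;                              /* says which union member is valid */
    union {
        int boolean;                       /* scalar member, holds 0x00..0xFF */
        struct demo_string *octet_string;  /* pointer member */
    } value;
};

/* Constructed input: a BOOLEAN where the parser expects an OCTET STRING. */
struct demo_type make_boolean(unsigned char v)
{
    struct demo_type t;
    memset(&t, 0, sizeof t);
    t.type = DEMO_BOOLEAN;
    t.value.boolean = v;
    return t;
}

/* Unchecked pattern: the address that code would dereference if it read the
 * pointer member without looking at the tag (returned, never dereferenced).
 * The value assumes a little-endian target. */
uintptr_t unchecked_member_address(const struct demo_type *t)
{
    return (uintptr_t)t->value.octet_string;
}

/* Checked pattern: validate the tag first and reject anything else. */
int checked_length(const struct demo_type *t, size_t *out)
{
    if (t == NULL || t->type != DEMO_OCTET_STRING || t->value.octet_string == NULL)
        return -1;                         /* malformed input: fail closed */
    *out = t->value.octet_string->length;
    return 0;
}

int main(void)
{
    struct demo_type bad = make_boolean(0xFF);
    size_t len = 0;
    printf("unchecked read would use address %#lx\n",
           (unsigned long)unchecked_member_address(&bad));
    printf("checked accessor returns %d\n", checked_length(&bad, &len));
    return 0;
}
```

The unchecked path yields an address inside the zero page, which is why the outcome is a crash rather than a controlled read. The checked path turns the same malformed input into a parse error.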
Defensive priority
low
Recommended defensive actions
- Limit access to the interactive shell of the additional GNU/Linux subsystem to trusted personnel only
- Only build and run applications from trusted sources
- Monitor for vendor security updates from Siemens CERT portal
- Apply defense-in-depth strategies for industrial control systems per CISA guidance
Evidence notes
CVE published 2024-04-09; CISA CSAF advisory ICSA-24-102-01 published same date. Advisory last modified 2026-05-14 with multiple revision releases adding additional CVEs through 2025-09-09. Siemens SSA-265688 referenced as primary vendor advisory.
Official resources
- CVE-2026-22795 CVE record (CVE.org)
- CVE-2026-22795 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2024-04-09