OTPulse
FeedAboutContact

Siemens SIMATIC S7-1500

Act Now9.1ICS-CERT ICSA-24-102-01Apr 9, 2024
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

Multiple vulnerabilities in the GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1 allow remote attackers to execute arbitrary code and cause denial of service. The vulnerabilities affect the embedded Linux environment that runs alongside the PLC logic. Siemens is preparing fix versions for future release. No patches are currently available.

What this means
What could happen
An attacker with network access could execute commands on the Linux subsystem of the S7-1500 TM MFP, potentially compromising the integrity of process logic, stealing credentials or configuration data, or causing the device to stop responding. This could interrupt water treatment, power distribution, or other critical operations.
Who's at risk
Water utilities, power plants, and other critical infrastructure operators using SIMATIC S7-1500 TM MFP controllers with the GNU/Linux subsystem enabled should be concerned. Any facility relying on these industrial PLCs for continuous process control is at risk.
How it could be exploited
An attacker on the network sends specially crafted packets or requests to the exposed Linux subsystem on the S7-1500 TM MFP. The vulnerabilities (buffer overflows, input validation failures, memory corruption) allow the attacker to execute arbitrary code with the privileges of the running service, gaining control over the device logic or its data.
Prerequisites
  • Network access to the S7-1500 TM MFP
  • No valid credentials required
  • Device must be on the network with the Linux subsystem enabled
Remotely exploitableNo authentication requiredLow complexity attackActively exploited (KEV)No patch availableCritical CVSS (9.1)Affects core PLC logic
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (1)
ProductAffected VersionsFix Status
SIMATIC S7-1500 TM MFP - GNU/Linux subsystemAll versionsNo fix (EOL)
Remediation & Mitigation
0/5
Do now
0/2
WORKAROUNDImplement strict firewall rules to restrict network access to the S7-1500 TM MFP to only authorized engineering workstations and SCADA systems; block all unnecessary inbound and outbound traffic
WORKAROUNDDisable the GNU/Linux subsystem on S7-1500 TM MFP devices if it is not required for your operations
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXMonitor Siemens security updates and apply vendor patches for the S7-1500 TM MFP when they become available
Mitigations - no patch available
0/2
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGApply network segmentation to isolate S7-1500 TM MFP devices on a separate OT/PLC network with limited connectivity to the IT network
HARDENINGFollow Siemens operational guidelines for Industrial Security to configure and harden the environment
CVEs (452)
CVE-2021-4090CVE-2021-38202CVE-2021-47002CVE-2021-47107CVE-2021-47316CVE-2022-38096CVE-2022-43945CVE-2022-48827CVE-2022-48828CVE-2022-48829CVE-2023-1652CVE-2023-5678CVE-2023-6121CVE-2023-6129CVE-2023-6237CVE-2023-6817CVE-2023-6931CVE-2023-6932CVE-2023-28746CVE-2023-45898CVE-2023-47233CVE-2023-50781CVE-2023-52447CVE-2023-52458CVE-2023-52614CVE-2023-52620CVE-2024-0584CVE-2024-0727CVE-2024-2511CVE-2024-5535CVE-2024-9143CVE-2024-22099CVE-2024-23307CVE-2024-23848CVE-2024-24857CVE-2024-24858CVE-2024-24859CVE-2024-25739CVE-2024-26629CVE-2024-26642CVE-2024-26643CVE-2024-26651CVE-2024-26659CVE-2024-26787CVE-2024-26810CVE-2024-26812CVE-2024-26816CVE-2024-26820CVE-2024-26851CVE-2024-26852CVE-2024-26855CVE-2024-26859CVE-2024-26861CVE-2024-26863CVE-2024-26870CVE-2024-26872CVE-2024-26875CVE-2024-26877CVE-2024-26878CVE-2024-26880CVE-2024-26882CVE-2024-26883CVE-2024-26884CVE-2024-26885CVE-2024-26889CVE-2024-26891CVE-2024-26894CVE-2024-26895CVE-2024-26897CVE-2024-26898CVE-2024-26901CVE-2024-26903CVE-2024-26906CVE-2024-26907CVE-2024-26920CVE-2024-26923CVE-2024-26925CVE-2024-26934CVE-2024-26935CVE-2024-26937CVE-2024-26950CVE-2024-26951CVE-2024-26958CVE-2024-26960CVE-2024-26961CVE-2024-26973CVE-2024-26974CVE-2024-26982CVE-2024-26988CVE-2024-26993CVE-2024-27004CVE-2024-27013CVE-2024-27020CVE-2024-27024CVE-2024-27025CVE-2024-27038CVE-2024-27047CVE-2024-27052CVE-2024-27053CVE-2024-27059CVE-2024-27065CVE-2024-27072CVE-2024-27076CVE-2024-27077CVE-2024-27078CVE-2024-27395CVE-2024-27396CVE-2024-27397CVE-2024-27419CVE-2024-27431CVE-2024-27436CVE-2024-27437CVE-2024-33621CVE-2024-33847CVE-2024-34027CVE-2024-35789CVE-2024-35805CVE-2024-35807CVE-2024-35811CVE-2024-35813CVE-2024-35815CVE-2024-35823CVE-2024-35828CVE-2024-35845CVE-2024-35849CVE-2024-35877CVE-2024-35884CVE-2024-35886CVE-2024-35888CVE-2024-35893CVE-2024-35895CVE-2024-35896CVE-2024-35897CVE-2024-35898CVE-2024-35899CVE-2024-35900CVE-2024-35902CVE-2024-35905CVE-2024-35910CVE-2024-35915CVE-2024-35922CVE-2024-35925CVE-2024-35930CVE-2024-35933CVE-2024-35934CVE-2024-35935CVE-2024-35936CVE-2024-35940CVE-2024-35944CVE-2024-35950CVE-2024-35955CVE-2024-35958CVE-2024-35960CVE-2024-35962CVE-2024-35965CVE-2024-35966CVE-2024-35967CVE-2024-35969CVE-2024-35973CVE-2024-35976CVE-2024-35978CVE-2024-35982CVE-2024-35983CVE-2024-35984CVE-2024-35988CVE-2024-35990CVE-2024-35996CVE-2024-35997CVE-2024-36004CVE-2024-36005CVE-2024-36006CVE-2024-36007CVE-2024-36008CVE-2024-36020CVE-2024-36270CVE-2024-36286CVE-2024-36288CVE-2024-36484CVE-2024-36489CVE-2024-36894CVE-2024-36899CVE-2024-36902CVE-2024-36904CVE-2024-36905CVE-2024-36916CVE-2024-36929CVE-2024-36939CVE-2024-36940CVE-2024-36959CVE-2024-36974CVE-2024-36978CVE-2024-37356CVE-2024-38381CVE-2024-38547CVE-2024-38552CVE-2024-38558CVE-2024-38559CVE-2024-38560CVE-2024-38565CVE-2024-38567CVE-2024-38578CVE-2024-38579CVE-2024-38587CVE-2024-38589CVE-2024-38596CVE-2024-38598CVE-2024-38599CVE-2024-38612CVE-2024-38615CVE-2024-38619CVE-2024-38635CVE-2024-38659CVE-2024-38662CVE-2024-38780CVE-2024-39468CVE-2024-39482CVE-2024-39489CVE-2024-39493CVE-2024-39502CVE-2024-39503CVE-2024-39509CVE-2024-40905CVE-2024-40912CVE-2024-40916CVE-2024-40934CVE-2024-40941CVE-2024-40942CVE-2024-40945CVE-2024-40958CVE-2024-40959CVE-2024-40960CVE-2024-40961CVE-2024-40971CVE-2024-40978CVE-2024-40980CVE-2024-40984CVE-2024-40993CVE-2024-40995CVE-2024-41000CVE-2024-41004CVE-2024-41005CVE-2024-41006CVE-2024-41016CVE-2024-41996CVE-2024-42070CVE-2024-42082CVE-2024-42090CVE-2024-42093CVE-2024-42094CVE-2024-42096CVE-2024-42097CVE-2024-42114CVE-2024-42259CVE-2024-42265CVE-2024-42272CVE-2024-42276CVE-2024-42281CVE-2024-42283CVE-2024-42292CVE-2024-42302CVE-2024-42304CVE-2024-42305CVE-2024-42306CVE-2024-42312CVE-2024-43828CVE-2024-43830CVE-2024-43834CVE-2024-43856CVE-2024-43858CVE-2024-43871CVE-2024-43879CVE-2024-43882CVE-2024-43889CVE-2024-43890CVE-2024-43893CVE-2024-44935CVE-2024-44944CVE-2024-44948CVE-2024-44960CVE-2024-44987CVE-2024-44989CVE-2024-44990CVE-2024-45016CVE-2024-45018CVE-2024-46679CVE-2024-46743CVE-2024-46744CVE-2024-46745CVE-2024-46750CVE-2024-46759CVE-2024-46783CVE-2024-46854CVE-2024-46865CVE-2024-47660CVE-2024-47672CVE-2024-47684CVE-2024-47685CVE-2024-47692CVE-2024-47696CVE-2024-47697CVE-2024-47699CVE-2024-47701CVE-2024-47705CVE-2024-47706CVE-2024-47707CVE-2024-47709CVE-2024-47710CVE-2024-47713CVE-2024-47718CVE-2024-47723CVE-2024-47735CVE-2024-47737CVE-2024-47747CVE-2024-49851CVE-2024-49889CVE-2024-49890CVE-2024-49892CVE-2024-49894CVE-2024-49900CVE-2024-49902CVE-2024-49903CVE-2024-49930CVE-2024-49938CVE-2024-49944CVE-2024-49948CVE-2024-49949CVE-2024-49952CVE-2024-49955CVE-2024-49973CVE-2024-49977CVE-2024-49997CVE-2024-50001CVE-2024-50006CVE-2024-50008CVE-2024-50010CVE-2024-50015CVE-2024-50033CVE-2024-50035CVE-2024-50039CVE-2024-50040CVE-2024-50044CVE-2024-50045CVE-2024-50046CVE-2024-50058CVE-2024-50095CVE-2024-50121CVE-2024-50127CVE-2024-50131CVE-2024-50134CVE-2024-50142CVE-2024-50148CVE-2024-50150CVE-2024-50151CVE-2024-50153CVE-2024-50188CVE-2024-50205CVE-2024-50210CVE-2024-50251CVE-2024-50262CVE-2024-50299CVE-2024-50301CVE-2024-50302CVE-2024-53042CVE-2024-53057CVE-2024-53059CVE-2024-53101CVE-2024-53124CVE-2024-56631CVE-2024-56672CVE-2024-57901CVE-2024-57902CVE-2024-57913CVE-2024-57929CVE-2024-57940CVE-2024-57948CVE-2024-57951CVE-2024-57977CVE-2024-57979CVE-2024-57981CVE-2024-57986CVE-2024-58005CVE-2024-58009CVE-2024-58014CVE-2024-58016CVE-2024-58017CVE-2024-58020CVE-2024-58051CVE-2024-58058CVE-2024-58063CVE-2024-58071CVE-2024-58072CVE-2024-58085CVE-2025-3198CVE-2025-5244CVE-2025-5245CVE-2025-7425CVE-2025-7545CVE-2025-7546CVE-2025-8224CVE-2025-9230CVE-2025-21638CVE-2025-21639CVE-2025-21640CVE-2025-21647CVE-2025-21648CVE-2025-21653CVE-2025-21664CVE-2025-21666CVE-2025-21669CVE-2025-21678CVE-2025-21683CVE-2025-21692CVE-2025-21694CVE-2025-21704CVE-2025-21711CVE-2025-21719CVE-2025-21726CVE-2025-21727CVE-2025-21728CVE-2025-21735CVE-2025-21744CVE-2025-21745CVE-2025-21753CVE-2025-21756CVE-2025-21760CVE-2025-21761CVE-2025-21762CVE-2025-21763CVE-2025-21764CVE-2025-21765CVE-2025-21772CVE-2025-21776CVE-2025-21787CVE-2025-21795CVE-2025-21796CVE-2025-21806CVE-2025-21814CVE-2025-21826CVE-2025-21835CVE-2025-21844CVE-2025-21846CVE-2025-21858CVE-2025-21859CVE-2025-21862CVE-2025-21865CVE-2025-68160CVE-2025-69418CVE-2025-69419CVE-2025-69420CVE-2025-69421CVE-2026-22795CVE-2026-22796
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/a2ddd532-c036-4d39-b4c5-c1fd4d8da278