OTPulse
FeedAboutContact

Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1

Act Now9.1SSA-265688Apr 9, 2024
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

Multiple vulnerabilities exist in the GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1, including buffer overflows (CWE-787, CWE-120), out-of-bounds reads (CWE-125), integer overflows (CWE-190), and improper input validation (CWE-20). These flaws can be triggered remotely without authentication via network requests to the affected subsystem. Siemens states that fixes are being prepared but not yet available.

What this means
What could happen
An attacker with network access to the S7-1500 TM MFP could execute arbitrary code or crash the device due to multiple memory safety and input validation flaws in the Linux subsystem. This could disrupt control logic execution, alter process parameters, or halt manufacturing operations.
Who's at risk
Manufacturing facilities and process industries using SIMATIC S7-1500 TM MFP programmable logic controllers (PLCs) for automation, process control, and machine coordination. This affects any organization relying on these controllers for critical production or safety systems.
How it could be exploited
An attacker sends malicious network traffic to the S7-1500 TM MFP's Linux subsystem, exploiting buffer overflows, integer overflows, or unvalidated input to gain code execution or cause a denial of service.
Prerequisites
  • Network access to the S7-1500 TM MFP on the port(s) exposed by the Linux subsystem
  • No authentication required
remotely exploitableno authentication requiredlow complexityactively exploited (KEV)no patch availableaffects control system operations
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (1)
ProductAffected VersionsFix Status
SIMATIC S7-1500 TM MFP - GNU/Linux subsystemAll versionsNo fix (EOL)
Remediation & Mitigation
0/4
Do now
0/2
HARDENINGRestrict network access to the S7-1500 TM MFP using firewall rules to allow only authorized workstations and control systems
HARDENINGImplement network segmentation to isolate the S7-1500 TM MFP on a separate OT network from corporate IT and untrusted systems
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXMonitor Siemens security advisories for patched firmware versions and apply when available
Mitigations - no patch available
0/1
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGReview and apply Siemens' operational guidelines for Industrial Security to reduce attack surface
CVEs (452)
CVE-2021-4090CVE-2021-38202CVE-2021-47002CVE-2021-47107CVE-2021-47316CVE-2022-38096CVE-2022-43945CVE-2022-48827CVE-2022-48828CVE-2022-48829CVE-2023-1652CVE-2023-5678CVE-2023-6121CVE-2023-6129CVE-2023-6237CVE-2023-6817CVE-2023-6931CVE-2023-6932CVE-2023-28746CVE-2023-45898CVE-2023-47233CVE-2023-50781CVE-2023-52447CVE-2023-52458CVE-2023-52614CVE-2023-52620CVE-2024-0584CVE-2024-0727CVE-2024-2511CVE-2024-5535CVE-2024-9143CVE-2024-22099CVE-2024-23307CVE-2024-23848CVE-2024-24857CVE-2024-24858CVE-2024-24859CVE-2024-25739CVE-2024-26629CVE-2024-26642CVE-2024-26643CVE-2024-26651CVE-2024-26659CVE-2024-26787CVE-2024-26810CVE-2024-26812CVE-2024-26816CVE-2024-26820CVE-2024-26851CVE-2024-26852CVE-2024-26855CVE-2024-26859CVE-2024-26861CVE-2024-26863CVE-2024-26870CVE-2024-26872CVE-2024-26875CVE-2024-26877CVE-2024-26878CVE-2024-26880CVE-2024-26882CVE-2024-26883CVE-2024-26884CVE-2024-26885CVE-2024-26889CVE-2024-26891CVE-2024-26894CVE-2024-26895CVE-2024-26897CVE-2024-26898CVE-2024-26901CVE-2024-26903CVE-2024-26906CVE-2024-26907CVE-2024-26920CVE-2024-26923CVE-2024-26925CVE-2024-26934CVE-2024-26935CVE-2024-26937CVE-2024-26950CVE-2024-26951CVE-2024-26958CVE-2024-26960CVE-2024-26961CVE-2024-26973CVE-2024-26974CVE-2024-26982CVE-2024-26988CVE-2024-26993CVE-2024-27004CVE-2024-27013CVE-2024-27020CVE-2024-27024CVE-2024-27025CVE-2024-27038CVE-2024-27047CVE-2024-27052CVE-2024-27053CVE-2024-27059CVE-2024-27065CVE-2024-27072CVE-2024-27076CVE-2024-27077CVE-2024-27078CVE-2024-27395CVE-2024-27396CVE-2024-27397CVE-2024-27419CVE-2024-27431CVE-2024-27436CVE-2024-27437CVE-2024-33621CVE-2024-33847CVE-2024-34027CVE-2024-35789CVE-2024-35805CVE-2024-35807CVE-2024-35811CVE-2024-35813CVE-2024-35815CVE-2024-35823CVE-2024-35828CVE-2024-35845CVE-2024-35849CVE-2024-35877CVE-2024-35884CVE-2024-35886CVE-2024-35888CVE-2024-35893CVE-2024-35895CVE-2024-35896CVE-2024-35897CVE-2024-35898CVE-2024-35899CVE-2024-35900CVE-2024-35902CVE-2024-35905CVE-2024-35910CVE-2024-35915CVE-2024-35922CVE-2024-35925CVE-2024-35930CVE-2024-35933CVE-2024-35934CVE-2024-35935CVE-2024-35936CVE-2024-35940CVE-2024-35944CVE-2024-35950CVE-2024-35955CVE-2024-35958CVE-2024-35960CVE-2024-35962CVE-2024-35965CVE-2024-35966CVE-2024-35967CVE-2024-35969CVE-2024-35973CVE-2024-35976CVE-2024-35978CVE-2024-35982CVE-2024-35983CVE-2024-35984CVE-2024-35988CVE-2024-35990CVE-2024-35996CVE-2024-35997CVE-2024-36004CVE-2024-36005CVE-2024-36006CVE-2024-36007CVE-2024-36008CVE-2024-36020CVE-2024-36270CVE-2024-36286CVE-2024-36288CVE-2024-36484CVE-2024-36489CVE-2024-36894CVE-2024-36899CVE-2024-36902CVE-2024-36904CVE-2024-36905CVE-2024-36916CVE-2024-36929CVE-2024-36939CVE-2024-36940CVE-2024-36959CVE-2024-36974CVE-2024-36978CVE-2024-37356CVE-2024-38381CVE-2024-38547CVE-2024-38552CVE-2024-38558CVE-2024-38559CVE-2024-38560CVE-2024-38565CVE-2024-38567CVE-2024-38578CVE-2024-38579CVE-2024-38587CVE-2024-38589CVE-2024-38596CVE-2024-38598CVE-2024-38599CVE-2024-38612CVE-2024-38615CVE-2024-38619CVE-2024-38635CVE-2024-38659CVE-2024-38662CVE-2024-38780CVE-2024-39468CVE-2024-39482CVE-2024-39489CVE-2024-39493CVE-2024-39502CVE-2024-39503CVE-2024-39509CVE-2024-40905CVE-2024-40912CVE-2024-40916CVE-2024-40934CVE-2024-40941CVE-2024-40942CVE-2024-40945CVE-2024-40958CVE-2024-40959CVE-2024-40960CVE-2024-40961CVE-2024-40971CVE-2024-40978CVE-2024-40980CVE-2024-40984CVE-2024-40993CVE-2024-40995CVE-2024-41000CVE-2024-41004CVE-2024-41005CVE-2024-41006CVE-2024-41016CVE-2024-41996CVE-2024-42070CVE-2024-42082CVE-2024-42090CVE-2024-42093CVE-2024-42094CVE-2024-42096CVE-2024-42097CVE-2024-42114CVE-2024-42259CVE-2024-42265CVE-2024-42272CVE-2024-42276CVE-2024-42281CVE-2024-42283CVE-2024-42292CVE-2024-42302CVE-2024-42304CVE-2024-42305CVE-2024-42306CVE-2024-42312CVE-2024-43828CVE-2024-43830CVE-2024-43834CVE-2024-43856CVE-2024-43858CVE-2024-43871CVE-2024-43879CVE-2024-43882CVE-2024-43889CVE-2024-43890CVE-2024-43893CVE-2024-44935CVE-2024-44944CVE-2024-44948CVE-2024-44960CVE-2024-44987CVE-2024-44989CVE-2024-44990CVE-2024-45016CVE-2024-45018CVE-2024-46679CVE-2024-46743CVE-2024-46744CVE-2024-46745CVE-2024-46750CVE-2024-46759CVE-2024-46783CVE-2024-46854CVE-2024-46865CVE-2024-47660CVE-2024-47672CVE-2024-47684CVE-2024-47685CVE-2024-47692CVE-2024-47696CVE-2024-47697CVE-2024-47699CVE-2024-47701CVE-2024-47705CVE-2024-47706CVE-2024-47707CVE-2024-47709CVE-2024-47710CVE-2024-47713CVE-2024-47718CVE-2024-47723CVE-2024-47735CVE-2024-47737CVE-2024-47747CVE-2024-49851CVE-2024-49889CVE-2024-49890CVE-2024-49892CVE-2024-49894CVE-2024-49900CVE-2024-49902CVE-2024-49903CVE-2024-49930CVE-2024-49938CVE-2024-49944CVE-2024-49948CVE-2024-49949CVE-2024-49952CVE-2024-49955CVE-2024-49973CVE-2024-49977CVE-2024-49997CVE-2024-50001CVE-2024-50006CVE-2024-50008CVE-2024-50010CVE-2024-50015CVE-2024-50033CVE-2024-50035CVE-2024-50039CVE-2024-50040CVE-2024-50044CVE-2024-50045CVE-2024-50046CVE-2024-50058CVE-2024-50095CVE-2024-50121CVE-2024-50127CVE-2024-50131CVE-2024-50134CVE-2024-50142CVE-2024-50148CVE-2024-50150CVE-2024-50151CVE-2024-50153CVE-2024-50188CVE-2024-50205CVE-2024-50210CVE-2024-50251CVE-2024-50262CVE-2024-50299CVE-2024-50301CVE-2024-50302CVE-2024-53042CVE-2024-53057CVE-2024-53059CVE-2024-53101CVE-2024-53124CVE-2024-56631CVE-2024-56672CVE-2024-57901CVE-2024-57902CVE-2024-57913CVE-2024-57929CVE-2024-57940CVE-2024-57948CVE-2024-57951CVE-2024-57977CVE-2024-57979CVE-2024-57981CVE-2024-57986CVE-2024-58005CVE-2024-58009CVE-2024-58014CVE-2024-58016CVE-2024-58017CVE-2024-58020CVE-2024-58051CVE-2024-58058CVE-2024-58063CVE-2024-58071CVE-2024-58072CVE-2024-58085CVE-2025-3198CVE-2025-5244CVE-2025-5245CVE-2025-7425CVE-2025-7545CVE-2025-7546CVE-2025-8224CVE-2025-9230CVE-2025-21638CVE-2025-21639CVE-2025-21640CVE-2025-21647CVE-2025-21648CVE-2025-21653CVE-2025-21664CVE-2025-21666CVE-2025-21669CVE-2025-21678CVE-2025-21683CVE-2025-21692CVE-2025-21694CVE-2025-21704CVE-2025-21711CVE-2025-21719CVE-2025-21726CVE-2025-21727CVE-2025-21728CVE-2025-21735CVE-2025-21744CVE-2025-21745CVE-2025-21753CVE-2025-21756CVE-2025-21760CVE-2025-21761CVE-2025-21762CVE-2025-21763CVE-2025-21764CVE-2025-21765CVE-2025-21772CVE-2025-21776CVE-2025-21787CVE-2025-21795CVE-2025-21796CVE-2025-21806CVE-2025-21814CVE-2025-21826CVE-2025-21835CVE-2025-21844CVE-2025-21846CVE-2025-21858CVE-2025-21859CVE-2025-21862CVE-2025-21865CVE-2025-68160CVE-2025-69418CVE-2025-69419CVE-2025-69420CVE-2025-69421CVE-2026-22795CVE-2026-22796
View full Siemens ProductCERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/c3dd96a9-17ca-4a6e-ac09-35939e5b4953