SB2025031418 - Multiple vulnerabilities in Siemens SIMATIC S7-1500 TM MFP - BIOS

Description

This security bulletin contains information about 5 secuirty vulnerabilities.

1) Double free (CVE-ID: CVE-2024-41046)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the ltq_etop_free_channel() function in drivers/net/ethernet/lantiq_etop.c. A local user can perform a denial of service (DoS) attack.

2) Use-after-free (CVE-ID: CVE-2024-41049)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the posix_lock_inode() function in fs/locks.c. A local user can escalate privileges on the system.

3) NULL pointer dereference (CVE-ID: CVE-2024-41055)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the include/linux/mmzone.h. A local user can perform a denial of service (DoS) attack.

4) Input validation error (CVE-ID: CVE-2024-42154)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the sizeof() function in net/ipv4/tcp_metrics.c. A local user can perform a denial of service (DoS) attack.

5) Use of uninitialized resource (CVE-ID: CVE-2024-42161)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the tools/lib/bpf/bpf_core_read.h. A local user can perform a denial of service (DoS) attack.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

• https://cert-portal.siemens.com/productcert/txt/ssa-503939.txt