Siemens SIMATIC S7-1500 Improper Handling of Values (CVE-2024-44965)

medium Tenable OT Security Plugin ID 504059

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
x86/mm: Fix pti_clone_pgtable() alignment assumption Guenter reported dodgy crashes on an i386-nosmp build using GCC-11 that had the form of endless traps until entry stack exhaust and then #DF from the stack guard. It turned out that pti_clone_pgtable() had alignment assumptions on the start address, notably it hard assumes start is PMD aligned. This is true on x86_64, but very much not true on i386. These assumptions can cause the end condition to malfunction, leading to a 'short' clone. Guess what happens when the user mapping has a short copy of the entry text? Use the correct increment form for addr to avoid alignment assumptions.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Plugin Details

Severity: Medium

ID: 504059

Version: 1.1

Type: remote

Family: Tenable.ot

Published: 11/13/2025

Updated: 11/13/2025

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: cpe:/o:siemens:scalance_xc-300%2fxr-300%2fxc-400%2fxr-500wg%2fxr-500_series_firmware, cpe:/o:siemens:scalance_xcm-%2fxrm-%2fxch-%2fxrh-300_series_firmware, cpe:/o:siemens:siplus_s7-1500_cpu_firmware:3.1.5, cpe:/o:siemens:ruggedcom_rst2428p_firmware:3.2, cpe:/o:siemens:simatic_s7-1500_cpu_firmware:3.1.5

Required KB Items: Tenable.ot/Siemens

Exploit Ease: No known exploits are available

Patch Publication Date: 12/12/2023

Vulnerability Publication Date: 12/12/2023

Reference Information

CVE: CVE-2024-44965

CWE: 229

Detections

Analytics