Siemens SIMATIC S7-1500 Use After Free (CVE-2025-38708)

high Tenable OT Security Plugin ID 505166

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
drbd: add missing kref_get in handle_write_conflicts

With `two-primaries` enabled, DRBD tries to detect concurrent writes and handle write conflicts, so that even if you write to the same sector simultaneously on both nodes, they end up with the identical data once the writes are completed.

In handling superseded writes, we forgot a kref_get, resulting in a premature drbd_destroy_device and use after free, and further to kernel crashes with symptoms.

Relevance: No one should use DRBD as a random data generator, and apparently all users of two-primaries handle concurrent writes correctly on layer up. That is, cluster file systems use some distributed lock manager, and live migration in virtualization environments stops writes on one node before starting writes on the other node. Which means that other than for test cases, this code path is never taken in real life.

FYI, in DRBD 9, things are handled differently nowadays. We still detect write conflicts, but no longer try to be smart about them. We decided to disconnect hard instead: upper layers must not submit concurrent writes. If they do, that's their fault.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

See Also

https://cert-portal.siemens.com/productcert/html/ssa-082556.html

Plugin Details

Severity: High

ID: 505166

File Name: tenable_ot_siemens_CVE-2025-38708.nasl

Version: 1.2

Type: remote

Family: Tenable.ot

Published: 2/16/2026

Updated: 2/17/2026

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2025-38708

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:simatic_s7-1500_cpu_firmware:3.1.5, cpe:/o:siemens:siplus_s7-1500_cpu_firmware:3.1.5

Required KB Items: Tenable.ot/Siemens

Exploit Ease: No known exploits are available

Patch Publication Date: 6/10/2025

Vulnerability Publication Date: 6/10/2025

Reference Information

CVE: CVE-2025-38708

CWE: 416