Vulnerability-Lookup

SSA-216014

Vulnerability from csaf_siemens - Published: 2025-03-11 00:00 - Updated: 2026-05-12 00:00

Summary

SSA-216014: Vulnerabilities in EFI variable of SIMATIC IPCs, SIMATIC Tablet PCs, and SIMATIC Field PGs

Notes

Summary: Multiple vulnerabilities has been identified in Siemens SIMATIC IPCs, SIMATIC Tablet PCs, and SIMATIC Field PGs that can allow an authenticated attacker to alter the secure boot and password configurations. Siemens has released new versions of BIOS for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.

General Recommendations: As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

Terms of Use: The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.

CVE-2024-56181

8.2 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE-693 - Protection Mechanism Failure

Affected products

Known affected 31 products

Product	Version	Remediation
SIMATIC Field PG M5 Siemens / SIMATIC Field PG M5	vers:all/*	Mitigation None Available
SIMATIC IPC BX-21A Siemens / SIMATIC IPC BX-21A	vers:intdot/<31.01.07	Mitigation Vendor Fix fix
SIMATIC IPC BX-32A Siemens / SIMATIC IPC BX-32A	vers:intdot/<29.01.07	Mitigation Vendor Fix fix
SIMATIC IPC BX-39A Siemens / SIMATIC IPC BX-39A	vers:intdot/<29.01.07	Mitigation Vendor Fix fix
SIMATIC IPC BX-59A Siemens / SIMATIC IPC BX-59A	vers:intdot/<32.01.04	Mitigation Vendor Fix fix
SIMATIC IPC PX-32A Siemens / SIMATIC IPC PX-32A	vers:intdot/<29.01.07	Mitigation Vendor Fix fix
SIMATIC IPC PX-39A Siemens / SIMATIC IPC PX-39A	vers:intdot/<29.01.07	Mitigation Vendor Fix fix
SIMATIC IPC PX-39A PRO Siemens / SIMATIC IPC PX-39A PRO	vers:intdot/<29.01.07	Mitigation Vendor Fix fix
SIMATIC IPC RC-543A Siemens / SIMATIC IPC RC-543A	vers:intdot/<36.01.03	Mitigation Vendor Fix fix
SIMATIC IPC RC-543B Siemens / SIMATIC IPC RC-543B	vers:intdot/<35.01.12	Mitigation Vendor Fix fix
SIMATIC IPC RW-543A Siemens / SIMATIC IPC RW-543A	vers:intdot/<1.1.4	Mitigation Vendor Fix fix
SIMATIC IPC RW-543B Siemens / SIMATIC IPC RW-543B	vers:intdot/<35.02.10	Mitigation Vendor Fix fix
SIMATIC IPC127E Siemens / SIMATIC IPC127E	vers:intdot/<27.01.11	Mitigation Vendor Fix fix
SIMATIC IPC227E Siemens / SIMATIC IPC227E	vers:all/*	Mitigation No Fix Planned
SIMATIC IPC227G Siemens / SIMATIC IPC227G	vers:intdot/<28.01.14	Mitigation Vendor Fix fix
SIMATIC IPC277E Siemens / SIMATIC IPC277E	vers:all/*	Mitigation No Fix Planned
SIMATIC IPC277G Siemens / SIMATIC IPC277G	vers:intdot/<28.01.14	Mitigation Vendor Fix fix
SIMATIC IPC277G PRO Siemens / SIMATIC IPC277G PRO	vers:intdot/<28.01.14	Mitigation Vendor Fix fix
SIMATIC IPC3000 SMART V3 Siemens / SIMATIC IPC3000 SMART V3	vers:all/*	Mitigation No Fix Planned
SIMATIC IPC327G Siemens / SIMATIC IPC327G	vers:intdot/<28.01.14	Mitigation Vendor Fix fix
SIMATIC IPC347G Siemens / SIMATIC IPC347G	vers:all/*	Mitigation No Fix Planned
SIMATIC IPC377G Siemens / SIMATIC IPC377G	vers:intdot/<28.01.14	Mitigation Vendor Fix fix
SIMATIC IPC427E Siemens / SIMATIC IPC427E	vers:all/*	Mitigation None Available
SIMATIC IPC477E Siemens / SIMATIC IPC477E	vers:all/*	Mitigation None Available
SIMATIC IPC477E PRO Siemens / SIMATIC IPC477E PRO	vers:all/*	Mitigation None Available
SIMATIC IPC527G Siemens / SIMATIC IPC527G	vers:all/*	Mitigation No Fix Planned
SIMATIC IPC627E Siemens / SIMATIC IPC627E	vers:intdot/<25.02.15	Mitigation Vendor Fix fix
SIMATIC IPC647E Siemens / SIMATIC IPC647E	vers:intdot/<25.02.15	Mitigation Vendor Fix fix
SIMATIC IPC677E Siemens / SIMATIC IPC677E	vers:intdot/<25.02.15	Mitigation Vendor Fix fix
SIMATIC IPC847E Siemens / SIMATIC IPC847E	vers:intdot/<25.02.15	Mitigation Vendor Fix fix
SIMATIC ITP1000 Siemens / SIMATIC ITP1000	vers:all/*	Mitigation None Available

CVE-2024-56182

8.2 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE-693 - Protection Mechanism Failure

Affected products

Known affected 32 products

Product	Version	Remediation
SIMATIC Field PG M5 Siemens / SIMATIC Field PG M5	vers:all/*	Mitigation None Available
SIMATIC Field PG M6 Siemens / SIMATIC Field PG M6	vers:intdot/<26.01.12	Mitigation Vendor Fix fix
SIMATIC IPC BX-21A Siemens / SIMATIC IPC BX-21A	vers:intdot/<31.01.07	Mitigation Vendor Fix fix
SIMATIC IPC BX-32A Siemens / SIMATIC IPC BX-32A	vers:intdot/<29.01.07	Mitigation Vendor Fix fix
SIMATIC IPC BX-39A Siemens / SIMATIC IPC BX-39A	vers:intdot/<29.01.07	Mitigation Vendor Fix fix
SIMATIC IPC BX-59A Siemens / SIMATIC IPC BX-59A	vers:intdot/<32.01.04	Mitigation Vendor Fix fix
SIMATIC IPC PX-32A Siemens / SIMATIC IPC PX-32A	vers:intdot/<29.01.07	Mitigation Vendor Fix fix
SIMATIC IPC PX-39A Siemens / SIMATIC IPC PX-39A	vers:intdot/<29.01.07	Mitigation Vendor Fix fix
SIMATIC IPC PX-39A PRO Siemens / SIMATIC IPC PX-39A PRO	vers:intdot/<29.01.07	Mitigation Vendor Fix fix
SIMATIC IPC RC-543A Siemens / SIMATIC IPC RC-543A	vers:intdot/<36.01.03	Mitigation Vendor Fix fix
SIMATIC IPC RC-543B Siemens / SIMATIC IPC RC-543B	vers:intdot/<35.01.12	Mitigation Vendor Fix fix
SIMATIC IPC RW-543A Siemens / SIMATIC IPC RW-543A	vers:intdot/<1.1.4	Mitigation Vendor Fix fix
SIMATIC IPC RW-543B Siemens / SIMATIC IPC RW-543B	vers:intdot/<35.02.10	Mitigation Vendor Fix fix
SIMATIC IPC127E Siemens / SIMATIC IPC127E	vers:intdot/<27.01.11	Mitigation Vendor Fix fix
SIMATIC IPC227E Siemens / SIMATIC IPC227E	vers:all/*	Mitigation No Fix Planned
SIMATIC IPC227G Siemens / SIMATIC IPC227G	vers:intdot/<28.01.14	Mitigation Vendor Fix fix
SIMATIC IPC277E Siemens / SIMATIC IPC277E	vers:all/*	Mitigation No Fix Planned
SIMATIC IPC277G Siemens / SIMATIC IPC277G	vers:intdot/<28.01.14	Mitigation Vendor Fix fix
SIMATIC IPC277G PRO Siemens / SIMATIC IPC277G PRO	vers:intdot/<28.01.14	Mitigation Vendor Fix fix
SIMATIC IPC3000 SMART V3 Siemens / SIMATIC IPC3000 SMART V3	vers:all/*	Mitigation No Fix Planned
SIMATIC IPC327G Siemens / SIMATIC IPC327G	vers:intdot/<28.01.14	Mitigation Vendor Fix fix
SIMATIC IPC347G Siemens / SIMATIC IPC347G	vers:all/*	Mitigation No Fix Planned
SIMATIC IPC377G Siemens / SIMATIC IPC377G	vers:intdot/<28.01.14	Mitigation Vendor Fix fix
SIMATIC IPC427E Siemens / SIMATIC IPC427E	vers:all/*	Mitigation None Available
SIMATIC IPC477E Siemens / SIMATIC IPC477E	vers:all/*	Mitigation None Available
SIMATIC IPC477E PRO Siemens / SIMATIC IPC477E PRO	vers:all/*	Mitigation None Available
SIMATIC IPC527G Siemens / SIMATIC IPC527G	vers:all/*	Mitigation No Fix Planned
SIMATIC IPC627E Siemens / SIMATIC IPC627E	vers:intdot/<25.02.15	Mitigation Vendor Fix fix
SIMATIC IPC647E Siemens / SIMATIC IPC647E	vers:intdot/<25.02.15	Mitigation Vendor Fix fix
SIMATIC IPC677E Siemens / SIMATIC IPC677E	vers:intdot/<25.02.15	Mitigation Vendor Fix fix
SIMATIC IPC847E Siemens / SIMATIC IPC847E	vers:intdot/<25.02.15	Mitigation Vendor Fix fix
SIMATIC ITP1000 Siemens / SIMATIC ITP1000	vers:all/*	Mitigation None Available

References

2 references

URL	Category
https://cert-portal.siemens.com/productcert/html/…	self
https://cert-portal.siemens.com/productcert/csaf/…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Multiple vulnerabilities has been identified in Siemens SIMATIC IPCs, SIMATIC Tablet PCs, and SIMATIC Field PGs that can allow an authenticated attacker to  alter the secure boot and password configurations.\n\nSiemens has released new versions of BIOS for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "productcert@siemens.com",
      "name": "Siemens ProductCERT",
      "namespace": "https://www.siemens.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-216014: Vulnerabilities in EFI variable of SIMATIC IPCs, SIMATIC Tablet PCs, and SIMATIC Field PGs - HTML Version",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-216014.html"
      },
      {
        "category": "self",
        "summary": "SSA-216014: Vulnerabilities in EFI variable of SIMATIC IPCs, SIMATIC Tablet PCs, and SIMATIC Field PGs - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-216014.json"
      }
    ],
    "title": "SSA-216014: Vulnerabilities in EFI variable of SIMATIC IPCs, SIMATIC Tablet PCs, and SIMATIC Field PGs",
    "tracking": {
      "current_release_date": "2026-05-12T00:00:00.000Z",
      "generator": {
        "engine": {
          "name": "Siemens ProductCERT CSAF Generator",
          "version": "1"
        }
      },
      "id": "SSA-216014",
      "initial_release_date": "2025-03-11T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-03-11T00:00:00.000Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        },
        {
          "date": "2025-06-10T00:00:00.000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Added SIMATIC IPC RC-543A and RW-543B; Updated SIMATIC IPC3000 Smart V3, IPC 347G, IPC 527G"
        },
        {
          "date": "2025-11-11T00:00:00.000Z",
          "legacy_version": "1.2",
          "number": "3",
          "summary": "Added fix for SIMATIC IPC227G / IPC277G / IPC277G PRO / IPC327G / IPC377G"
        },
        {
          "date": "2026-02-10T00:00:00.000Z",
          "legacy_version": "1.3",
          "number": "4",
          "summary": "Added fix versions for IPC RW-543B and IPC RC-543B"
        },
        {
          "date": "2026-04-14T00:00:00.000Z",
          "legacy_version": "1.4",
          "number": "5",
          "summary": "Added fix versions for IPC RW-543A and IPC127E"
        },
        {
          "date": "2026-05-12T00:00:00.000Z",
          "legacy_version": "1.5",
          "number": "6",
          "summary": "Added fix versions for IPC RC-543A"
        }
      ],
      "status": "interim",
      "version": "6"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC Field PG M5",
                  "product_id": "1"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC Field PG M5"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c26.01.12",
                "product": {
                  "name": "SIMATIC Field PG M6",
                  "product_id": "2"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC Field PG M6"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c31.01.07",
                "product": {
                  "name": "SIMATIC IPC BX-21A",
                  "product_id": "3"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC IPC BX-21A"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c29.01.07",
                "product": {
                  "name": "SIMATIC IPC BX-32A",
                  "product_id": "4"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC IPC BX-32A"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c29.01.07",
                "product": {
                  "name": "SIMATIC IPC BX-39A",
                  "product_id": "5"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC IPC BX-39A"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c32.01.04",
                "product": {
                  "name": "SIMATIC IPC BX-59A",
                  "product_id": "6"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC IPC BX-59A"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c29.01.07",
                "product": {
                  "name": "SIMATIC IPC PX-32A",
                  "product_id": "7"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC IPC PX-32A"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c29.01.07",
                "product": {
                  "name": "SIMATIC IPC PX-39A",
                  "product_id": "8"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC IPC PX-39A"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c29.01.07",
                "product": {
                  "name": "SIMATIC IPC PX-39A PRO",
                  "product_id": "9"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC IPC PX-39A PRO"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c36.01.03",
                "product": {
                  "name": "SIMATIC IPC RC-543A",
                  "product_id": "10"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC IPC RC-543A"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c35.01.12",
                "product": {
                  "name": "SIMATIC IPC RC-543B",
                  "product_id": "11"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC IPC RC-543B"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c1.1.4",
                "product": {
                  "name": "SIMATIC IPC RW-543A",
                  "product_id": "12"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC IPC RW-543A"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c35.02.10",
                "product": {
                  "name": "SIMATIC IPC RW-543B",
                  "product_id": "13"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC IPC RW-543B"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c27.01.11",
                "product": {
                  "name": "SIMATIC IPC127E",
                  "product_id": "14"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC IPC127E"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC IPC227E",
                  "product_id": "15"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC IPC227E"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c28.01.14",
                "product": {
                  "name": "SIMATIC IPC227G",
                  "product_id": "16"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC IPC227G"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC IPC277E",
                  "product_id": "17"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC IPC277E"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c28.01.14",
                "product": {
                  "name": "SIMATIC IPC277G",
                  "product_id": "18"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC IPC277G"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c28.01.14",
                "product": {
                  "name": "SIMATIC\u00a0IPC277G PRO",
                  "product_id": "19"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC\u00a0IPC277G PRO"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC IPC3000 SMART V3",
                  "product_id": "20"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC IPC3000 SMART V3"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c28.01.14",
                "product": {
                  "name": "SIMATIC IPC327G",
                  "product_id": "21"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC IPC327G"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC IPC347G",
                  "product_id": "22"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC IPC347G"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c28.01.14",
                "product": {
                  "name": "SIMATIC IPC377G",
                  "product_id": "23"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC IPC377G"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC IPC427E",
                  "product_id": "24"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC IPC427E"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC IPC477E",
                  "product_id": "25"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC IPC477E"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC IPC477E PRO",
                  "product_id": "26"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC IPC477E PRO"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC IPC527G",
                  "product_id": "27"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC IPC527G"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c25.02.15",
                "product": {
                  "name": "SIMATIC IPC627E",
                  "product_id": "28"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC IPC627E"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c25.02.15",
                "product": {
                  "name": "SIMATIC IPC647E",
                  "product_id": "29"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC IPC647E"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c25.02.15",
                "product": {
                  "name": "SIMATIC IPC677E",
                  "product_id": "30"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC IPC677E"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c25.02.15",
                "product": {
                  "name": "SIMATIC IPC847E",
                  "product_id": "31"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC IPC847E"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC ITP1000",
                  "product_id": "32"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ITP1000"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-56181",
      "cwe": {
        "id": "CWE-693",
        "name": "Protection Mechanism Failure"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected devices have insufficient protection mechanism for the EFI(Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to alter the secure boot configuration without proper authorization by directly communicate with the flash controller.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8",
          "9",
          "10",
          "11",
          "12",
          "13",
          "14",
          "15",
          "16",
          "17",
          "18",
          "19",
          "20",
          "21",
          "22",
          "23",
          "24",
          "25",
          "26",
          "27",
          "28",
          "29",
          "30",
          "31",
          "32"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Restrict access to root/administrator permission for the operating system",
          "product_ids": [
            "1",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23",
            "24",
            "25",
            "26",
            "27",
            "28",
            "29",
            "30",
            "31",
            "32"
          ]
        },
        {
          "category": "no_fix_planned",
          "details": "Currently no fix is planned",
          "product_ids": [
            "15",
            "17",
            "20",
            "22",
            "27"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1",
            "24",
            "25",
            "26",
            "32"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V1.1.4 or later version",
          "product_ids": [
            "12"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V25.02.15 or later version",
          "product_ids": [
            "28",
            "29",
            "30",
            "31"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V27.01.11 or later version",
          "product_ids": [
            "14"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V28.01.14 or later version",
          "product_ids": [
            "16",
            "18",
            "19",
            "21",
            "23"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V29.01.07 or later version",
          "product_ids": [
            "4",
            "7"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V29.01.07 or later version",
          "product_ids": [
            "5",
            "8",
            "9"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V31.01.07 or later version",
          "product_ids": [
            "3"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V32.01.04 or later version",
          "product_ids": [
            "6"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V35.01.12 or later version",
          "product_ids": [
            "11"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V35.02.10 or later version",
          "product_ids": [
            "13"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V36.01.03 or later version",
          "product_ids": [
            "10"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23",
            "24",
            "25",
            "26",
            "27",
            "28",
            "29",
            "30",
            "31",
            "32"
          ]
        }
      ],
      "title": "CVE-2024-56181"
    },
    {
      "cve": "CVE-2024-56182",
      "cwe": {
        "id": "CWE-693",
        "name": "Protection Mechanism Failure"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected devices have insufficient protection mechanism for the EFI(Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to disable the BIOS password without proper authorization by directly communicate with the flash controller.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8",
          "9",
          "10",
          "11",
          "12",
          "13",
          "14",
          "15",
          "16",
          "17",
          "18",
          "19",
          "20",
          "21",
          "22",
          "23",
          "24",
          "25",
          "26",
          "27",
          "28",
          "29",
          "30",
          "31",
          "32"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Restrict access to root/administrator permission for the operating system",
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23",
            "24",
            "25",
            "26",
            "27",
            "28",
            "29",
            "30",
            "31",
            "32"
          ]
        },
        {
          "category": "no_fix_planned",
          "details": "Currently no fix is planned",
          "product_ids": [
            "15",
            "17",
            "20",
            "22",
            "27"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1",
            "24",
            "25",
            "26",
            "32"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V1.1.4 or later version",
          "product_ids": [
            "12"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V25.02.15 or later version",
          "product_ids": [
            "28",
            "29",
            "30",
            "31"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V26.01.12 or later version",
          "product_ids": [
            "2"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V27.01.11 or later version",
          "product_ids": [
            "14"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V28.01.14 or later version",
          "product_ids": [
            "16",
            "18",
            "19",
            "21",
            "23"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V29.01.07 or later version",
          "product_ids": [
            "4",
            "7"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V29.01.07 or later version",
          "product_ids": [
            "5",
            "8",
            "9"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V31.01.07 or later version",
          "product_ids": [
            "3"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V32.01.04 or later version",
          "product_ids": [
            "6"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V35.01.12 or later version",
          "product_ids": [
            "11"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V35.02.10 or later version",
          "product_ids": [
            "13"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V36.01.03 or later version",
          "product_ids": [
            "10"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23",
            "24",
            "25",
            "26",
            "27",
            "28",
            "29",
            "30",
            "31",
            "32"
          ]
        }
      ],
      "title": "CVE-2024-56182"
    }
  ]
}

BDU:2025-02901

Vulnerability from fstec - Published: 11.03.2025

Title

Уязвимость EFI-загрузчика микропрограммного обеспечения устройств SIMATIC IPC, планшетов SIMATIC PC и ноутбуков SIMATIC Field PG, позволяющая нарушителю оказать влияние на конфиденциальность, целостность и доступность защищаемой информации

Description

Уязвимость EFI-загрузчика микропрограммного обеспечения устройств SIMATIC IPC, планшетов SIMATIC PC и ноутбуков SIMATIC Field PG связана с нарушением механизма защиты данных. Эксплуатация уязвимости может позволить нарушителю оказать влияние на конфиденциальность, целостность и доступность защищаемой информации

Severity ?


                    
                      AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H


                    
                      AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H

Vendor

Siemens AG

Software Name

SIMATIC Field PG M5, SIMATIC IPC527G, SIMATIC IPC127E, SIMATIC ITP1000, SIMATIC IPC647E, SIMATIC IPC847E, SIMATIC IPC BX-21A, SIMATIC IPC BX-32A, SIMATIC IPC BX-39A, SIMATIC IPC BX-59A, SIMATIC IPC PX-32A, SIMATIC IPC PX-39A, SIMATIC IPC PX-39A PRO, SIMATIC IPC RC-543B, SIMATIC IPC RW-543A, SIMATIC IPC227E, SIMATIC IPC227G, SIMATIC IPC277E, SIMATIC IPC277G, SIMATIC IPC277G PRO, SIMATIC IPC3000 SMART V3, SIMATIC IPC327G, SIMATIC IPC347G, SIMATIC IPC377G, SIMATIC IPC427E, SIMATIC IPC477E, SIMATIC IPC477E Pro, SIMATIC IPC627E, SIMATIC IPC677E

Software Version

- (SIMATIC Field PG M5), - (SIMATIC IPC527G), - (SIMATIC IPC127E), - (SIMATIC ITP1000), - (SIMATIC IPC647E), - (SIMATIC IPC847E), до 31.01.07 (SIMATIC IPC BX-21A), до 29.01.07 (SIMATIC IPC BX-32A), до 29.01.07 (SIMATIC IPC BX-39A), до 32.01.04 (SIMATIC IPC BX-59A), до 29.01.07 (SIMATIC IPC PX-32A), до 29.01.07 (SIMATIC IPC PX-39A), до 29.01.07 (SIMATIC IPC PX-39A PRO), - (SIMATIC IPC RC-543B), - (SIMATIC IPC RW-543A), - (SIMATIC IPC227E), - (SIMATIC IPC227G), - (SIMATIC IPC277E), - (SIMATIC IPC277G), - (SIMATIC IPC277G PRO), - (SIMATIC IPC3000 SMART V3), - (SIMATIC IPC327G), - (SIMATIC IPC347G), - (SIMATIC IPC377G), - (SIMATIC IPC427E), - (SIMATIC IPC477E), - (SIMATIC IPC477E Pro), - (SIMATIC IPC627E), - (SIMATIC IPC677E)

Possible Mitigations

Использование рекомендаций: https://cert-portal.siemens.com/productcert/pdf/ssa-216014.pdf Компенсирующие меры: - использование средств межсетевого экранирования для ограничения удалённого доступа; - сегментирование сети для ограничения доступа к промышленному сегменту из других подсетей; - ограничение доступа из внешних сетей (Интернет); - использование виртуальных частных сетей для организации удаленного доступа (VPN)

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-216014.pdf

CWE

CWE-693

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
  "CVSS 4.0": "AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H",
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Siemens AG",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (SIMATIC Field PG M5), - (SIMATIC IPC527G), - (SIMATIC IPC127E), - (SIMATIC ITP1000), - (SIMATIC IPC647E), - (SIMATIC IPC847E), \u0434\u043e 31.01.07 (SIMATIC IPC BX-21A), \u0434\u043e 29.01.07 (SIMATIC IPC BX-32A), \u0434\u043e 29.01.07 (SIMATIC IPC BX-39A), \u0434\u043e 32.01.04 (SIMATIC IPC BX-59A), \u0434\u043e 29.01.07 (SIMATIC IPC PX-32A), \u0434\u043e 29.01.07 (SIMATIC IPC PX-39A), \u0434\u043e 29.01.07 (SIMATIC IPC PX-39A PRO), - (SIMATIC IPC RC-543B), - (SIMATIC IPC RW-543A), - (SIMATIC IPC227E), - (SIMATIC IPC227G), - (SIMATIC IPC277E), - (SIMATIC IPC277G), - (SIMATIC IPC277G PRO), - (SIMATIC IPC3000 SMART V3), - (SIMATIC IPC327G), - (SIMATIC IPC347G), - (SIMATIC IPC377G), - (SIMATIC IPC427E), - (SIMATIC IPC477E), - (SIMATIC IPC477E Pro), - (SIMATIC IPC627E), - (SIMATIC IPC677E)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-216014.pdf\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430;\n- \u0441\u0435\u0433\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0435\u0442\u0438 \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0441\u0435\u0433\u043c\u0435\u043d\u0442\u0443 \u0438\u0437 \u0434\u0440\u0443\u0433\u0438\u0445 \u043f\u043e\u0434\u0441\u0435\u0442\u0435\u0439;\n- \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0438\u0437 \u0432\u043d\u0435\u0448\u043d\u0438\u0445 \u0441\u0435\u0442\u0435\u0439 (\u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442);\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u0447\u0430\u0441\u0442\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439 \u0434\u043b\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (VPN)",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "11.03.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "18.03.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "18.03.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-02901",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-56181, SSA-216014",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "SIMATIC Field PG M5, SIMATIC IPC527G, SIMATIC IPC127E, SIMATIC ITP1000, SIMATIC IPC647E, SIMATIC IPC847E, SIMATIC IPC BX-21A, SIMATIC IPC BX-32A, SIMATIC IPC BX-39A, SIMATIC IPC BX-59A, SIMATIC IPC PX-32A, SIMATIC IPC PX-39A, SIMATIC IPC PX-39A PRO, SIMATIC IPC RC-543B, SIMATIC IPC RW-543A, SIMATIC IPC227E, SIMATIC IPC227G, SIMATIC IPC277E, SIMATIC IPC277G, SIMATIC IPC277G PRO, SIMATIC IPC3000 SMART V3, SIMATIC IPC327G, SIMATIC IPC347G, SIMATIC IPC377G, SIMATIC IPC427E, SIMATIC IPC477E, SIMATIC IPC477E Pro, SIMATIC IPC627E, SIMATIC IPC677E",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c EFI-\u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a\u0430 \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 SIMATIC IPC, \u043f\u043b\u0430\u043d\u0448\u0435\u0442\u043e\u0432 SIMATIC PC \u0438 \u043d\u043e\u0443\u0442\u0431\u0443\u043a\u043e\u0432 SIMATIC Field PG, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043b\u0438\u044f\u043d\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u0437\u0430\u0449\u0438\u0442\u044b \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-693)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c EFI-\u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a\u0430 \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 SIMATIC IPC, \u043f\u043b\u0430\u043d\u0448\u0435\u0442\u043e\u0432 SIMATIC PC \u0438 \u043d\u043e\u0443\u0442\u0431\u0443\u043a\u043e\u0432 SIMATIC Field PG \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435\u043c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u0437\u0430\u0449\u0438\u0442\u044b \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043b\u0438\u044f\u043d\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0431\u043e\u0440 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://cert-portal.siemens.com/productcert/pdf/ssa-216014.pdf",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0439 \u043a\u043e\u0434, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0410\u0421\u0423 \u0422\u041f, \u0421\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0410\u0421\u0423 \u0422\u041f, \u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-693",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,2)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 4.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,4)"
}

BDU:2025-04297

Vulnerability from fstec - Published: 11.03.2025

Title

Description

Severity ?


                    
                      AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H


                    
                      AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H

Vendor

Siemens AG

Software Name

SIMATIC Field PG M5, SIMATIC Field PG M6, SIMATIC IPC527G, SIMATIC IPC127E, SIMATIC ITP1000, SIMATIC IPC647E, SIMATIC IPC847E, SIMATIC IPC BX-21A, SIMATIC IPC BX-32A, SIMATIC IPC BX-39A, SIMATIC IPC BX-59A, SIMATIC IPC PX-32A, SIMATIC IPC PX-39A, SIMATIC IPC PX-39A PRO, SIMATIC IPC RC-543B, SIMATIC IPC RW-543A, SIMATIC IPC227E, SIMATIC IPC227G, SIMATIC IPC277E, SIMATIC IPC277G, SIMATIC IPC277G PRO, SIMATIC IPC3000 SMART V3, SIMATIC IPC327G, SIMATIC IPC347G, SIMATIC IPC377G, SIMATIC IPC427E, SIMATIC IPC477E, SIMATIC IPC477E Pro, SIMATIC IPC627E, SIMATIC IPC677E

Software Version

- (SIMATIC Field PG M5), - (SIMATIC Field PG M6), - (SIMATIC IPC527G), - (SIMATIC IPC127E), - (SIMATIC ITP1000), - (SIMATIC IPC647E), - (SIMATIC IPC847E), до 31.01.07 (SIMATIC IPC BX-21A), до 29.01.07 (SIMATIC IPC BX-32A), до 29.01.07 (SIMATIC IPC BX-39A), до 32.01.04 (SIMATIC IPC BX-59A), до 29.01.07 (SIMATIC IPC PX-32A), до 29.01.07 (SIMATIC IPC PX-39A), до 29.01.07 (SIMATIC IPC PX-39A PRO), - (SIMATIC IPC RC-543B), - (SIMATIC IPC RW-543A), - (SIMATIC IPC227E), - (SIMATIC IPC227G), - (SIMATIC IPC277E), - (SIMATIC IPC277G), - (SIMATIC IPC277G PRO), - (SIMATIC IPC3000 SMART V3), - (SIMATIC IPC327G), - (SIMATIC IPC347G), - (SIMATIC IPC377G), - (SIMATIC IPC427E), - (SIMATIC IPC477E), - (SIMATIC IPC477E Pro), - (SIMATIC IPC627E), - (SIMATIC IPC677E)

Possible Mitigations

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-216014.pdf

CWE

CWE-693

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
  "CVSS 4.0": "AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H",
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Siemens AG",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (SIMATIC Field PG M5), - (SIMATIC Field PG M6), - (SIMATIC IPC527G), - (SIMATIC IPC127E), - (SIMATIC ITP1000), - (SIMATIC IPC647E), - (SIMATIC IPC847E), \u0434\u043e 31.01.07 (SIMATIC IPC BX-21A), \u0434\u043e 29.01.07 (SIMATIC IPC BX-32A), \u0434\u043e 29.01.07 (SIMATIC IPC BX-39A), \u0434\u043e 32.01.04 (SIMATIC IPC BX-59A), \u0434\u043e 29.01.07 (SIMATIC IPC PX-32A), \u0434\u043e 29.01.07 (SIMATIC IPC PX-39A), \u0434\u043e 29.01.07 (SIMATIC IPC PX-39A PRO), - (SIMATIC IPC RC-543B), - (SIMATIC IPC RW-543A), - (SIMATIC IPC227E), - (SIMATIC IPC227G), - (SIMATIC IPC277E), - (SIMATIC IPC277G), - (SIMATIC IPC277G PRO), - (SIMATIC IPC3000 SMART V3), - (SIMATIC IPC327G), - (SIMATIC IPC347G), - (SIMATIC IPC377G), - (SIMATIC IPC427E), - (SIMATIC IPC477E), - (SIMATIC IPC477E Pro), - (SIMATIC IPC627E), - (SIMATIC IPC677E)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-216014.pdf\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430;\n- \u0441\u0435\u0433\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0435\u0442\u0438 \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0441\u0435\u0433\u043c\u0435\u043d\u0442\u0443 \u0438\u0437 \u0434\u0440\u0443\u0433\u0438\u0445 \u043f\u043e\u0434\u0441\u0435\u0442\u0435\u0439;\n- \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0438\u0437 \u0432\u043d\u0435\u0448\u043d\u0438\u0445 \u0441\u0435\u0442\u0435\u0439 (\u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442);\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u0447\u0430\u0441\u0442\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439 \u0434\u043b\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (VPN)",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "11.03.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "14.04.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "14.04.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-04297",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-56182, SSA-216014",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "SIMATIC Field PG M5, SIMATIC Field PG M6, SIMATIC IPC527G, SIMATIC IPC127E, SIMATIC ITP1000, SIMATIC IPC647E, SIMATIC IPC847E, SIMATIC IPC BX-21A, SIMATIC IPC BX-32A, SIMATIC IPC BX-39A, SIMATIC IPC BX-59A, SIMATIC IPC PX-32A, SIMATIC IPC PX-39A, SIMATIC IPC PX-39A PRO, SIMATIC IPC RC-543B, SIMATIC IPC RW-543A, SIMATIC IPC227E, SIMATIC IPC227G, SIMATIC IPC277E, SIMATIC IPC277G, SIMATIC IPC277G PRO, SIMATIC IPC3000 SMART V3, SIMATIC IPC327G, SIMATIC IPC347G, SIMATIC IPC377G, SIMATIC IPC427E, SIMATIC IPC477E, SIMATIC IPC477E Pro, SIMATIC IPC627E, SIMATIC IPC677E",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c EFI-\u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a\u0430 \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 SIMATIC IPC, \u043f\u043b\u0430\u043d\u0448\u0435\u0442\u043e\u0432 SIMATIC PC \u0438 \u043d\u043e\u0443\u0442\u0431\u0443\u043a\u043e\u0432 SIMATIC Field PG, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043b\u0438\u044f\u043d\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u0437\u0430\u0449\u0438\u0442\u044b \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-693)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c EFI-\u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a\u0430 \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 SIMATIC IPC, \u043f\u043b\u0430\u043d\u0448\u0435\u0442\u043e\u0432 SIMATIC PC \u0438 \u043d\u043e\u0443\u0442\u0431\u0443\u043a\u043e\u0432 SIMATIC Field PG \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435\u043c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u0437\u0430\u0449\u0438\u0442\u044b \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043b\u0438\u044f\u043d\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0431\u043e\u0440 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://cert-portal.siemens.com/productcert/pdf/ssa-216014.pdf",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0439 \u043a\u043e\u0434, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0410\u0421\u0423 \u0422\u041f, \u0421\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0410\u0421\u0423 \u0422\u041f, \u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-693",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,2)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 4.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,4)"
}

CVE-2024-56181 (GCVE-0-2024-56181)

Vulnerability from cvelistv5 – Published: 2025-03-11 09:48 – Updated: 2026-05-12 08:20

Summary

A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC IPC PX-32A (All versions < V29.01.07), SIMATIC IPC PX-39A (All versions < V29.01.07), SIMATIC IPC PX-39A PRO (All versions < V29.01.07), SIMATIC IPC RC-543A (All versions < V36.01.03), SIMATIC IPC RC-543B (All versions < V35.01.12), SIMATIC IPC RW-543A (All versions < V1.1.4), SIMATIC IPC RW-543B (All versions < V35.02.10), SIMATIC IPC127E (All versions < V27.01.11), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions < V28.01.14), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions < V28.01.14), SIMATIC IPC277G PRO (All versions < V28.01.14), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions < V28.01.14), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions < V28.01.14), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions < V25.02.15), SIMATIC IPC647E (All versions < V25.02.15), SIMATIC IPC677E (All versions < V25.02.15), SIMATIC IPC847E (All versions < V25.02.15), SIMATIC ITP1000 (All versions). The affected devices have insufficient protection mechanism for the EFI(Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to alter the secure boot configuration without proper authorization by directly communicate with the flash controller.

Severity ?

8.2 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

8.4 (High)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H

CWE

CWE-693 - Protection Mechanism Failure

Assigner

siemens

References

1 reference

URL	Tags
https://cert-portal.siemens.com/productcert/html/…

Impacted products

31 products

Vendor	Product	Version
Siemens	SIMATIC Field PG M5	Affected: 0 , < * (custom)
Siemens	SIMATIC IPC BX-21A	Affected: 0 , < V31.01.07 (custom)
Siemens	SIMATIC IPC BX-32A	Affected: 0 , < V29.01.07 (custom)
Siemens	SIMATIC IPC BX-39A	Affected: 0 , < V29.01.07 (custom)
Siemens	SIMATIC IPC BX-59A	Affected: 0 , < V32.01.04 (custom)
Siemens	SIMATIC IPC PX-32A	Affected: 0 , < V29.01.07 (custom)
Siemens	SIMATIC IPC PX-39A	Affected: 0 , < V29.01.07 (custom)
Siemens	SIMATIC IPC PX-39A PRO	Affected: 0 , < V29.01.07 (custom)
Siemens	SIMATIC IPC RC-543A	Affected: 0 , < V36.01.03 (custom)
Siemens	SIMATIC IPC RC-543B	Affected: 0 , < V35.01.12 (custom)
Siemens	SIMATIC IPC RW-543A	Affected: 0 , < V1.1.4 (custom)
Siemens	SIMATIC IPC RW-543B	Affected: 0 , < V35.02.10 (custom)
Siemens	SIMATIC IPC127E	Affected: 0 , < V27.01.11 (custom)
Siemens	SIMATIC IPC227E	Affected: 0 , < * (custom)
Siemens	SIMATIC IPC227G	Affected: 0 , < V28.01.14 (custom)
Siemens	SIMATIC IPC277E	Affected: 0 , < * (custom)
Siemens	SIMATIC IPC277G	Affected: 0 , < V28.01.14 (custom)
Siemens	SIMATIC IPC277G PRO	Affected: 0 , < V28.01.14 (custom)
Siemens	SIMATIC IPC3000 SMART V3	Affected: 0 , < * (custom)
Siemens	SIMATIC IPC327G	Affected: 0 , < V28.01.14 (custom)
Siemens	SIMATIC IPC347G	Affected: 0 , < * (custom)
Siemens	SIMATIC IPC377G	Affected: 0 , < V28.01.14 (custom)
Siemens	SIMATIC IPC427E	Affected: 0 , < * (custom)
Siemens	SIMATIC IPC477E	Affected: 0 , < * (custom)
Siemens	SIMATIC IPC477E PRO	Affected: 0 , < * (custom)
Siemens	SIMATIC IPC527G	Affected: 0 , < * (custom)
Siemens	SIMATIC IPC627E	Affected: 0 , < V25.02.15 (custom)
Siemens	SIMATIC IPC647E	Affected: 0 , < V25.02.15 (custom)
Siemens	SIMATIC IPC677E	Affected: 0 , < V25.02.15 (custom)
Siemens	SIMATIC IPC847E	Affected: 0 , < V25.02.15 (custom)
Siemens	SIMATIC ITP1000	Affected: 0 , < * (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-56181",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-11T14:06:38.581942Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-11T14:06:50.557Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Field PG M5",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC BX-21A",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V31.01.07",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC BX-32A",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V29.01.07",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC BX-39A",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V29.01.07",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC BX-59A",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V32.01.04",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC PX-32A",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V29.01.07",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC PX-39A",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V29.01.07",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC PX-39A PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V29.01.07",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC RC-543A",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V36.01.03",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC RC-543B",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V35.01.12",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC RW-543A",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V1.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC RW-543B",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V35.02.10",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC127E",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V27.01.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC227E",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC227G",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V28.01.14",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC277E",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC277G",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V28.01.14",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC\u00a0IPC277G PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V28.01.14",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC3000 SMART V3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC327G",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V28.01.14",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC347G",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC377G",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V28.01.14",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC427E",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC477E",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC477E PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC527G",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC627E",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V25.02.15",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC647E",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V25.02.15",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC677E",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V25.02.15",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC847E",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V25.02.15",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ITP1000",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC IPC BX-21A (All versions \u003c V31.01.07), SIMATIC IPC BX-32A (All versions \u003c V29.01.07), SIMATIC IPC BX-39A (All versions \u003c V29.01.07), SIMATIC IPC BX-59A (All versions \u003c V32.01.04), SIMATIC IPC PX-32A (All versions \u003c V29.01.07), SIMATIC IPC PX-39A (All versions \u003c V29.01.07), SIMATIC IPC PX-39A PRO (All versions \u003c V29.01.07), SIMATIC IPC RC-543A (All versions \u003c V36.01.03), SIMATIC IPC RC-543B (All versions \u003c V35.01.12), SIMATIC IPC RW-543A (All versions \u003c V1.1.4), SIMATIC IPC RW-543B (All versions \u003c V35.02.10), SIMATIC IPC127E (All versions \u003c V27.01.11), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions \u003c V28.01.14), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions \u003c V28.01.14), SIMATIC\u00a0IPC277G PRO (All versions \u003c V28.01.14), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions \u003c V28.01.14), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions \u003c V28.01.14), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions \u003c V25.02.15), SIMATIC IPC647E (All versions \u003c V25.02.15), SIMATIC IPC677E (All versions \u003c V25.02.15), SIMATIC IPC847E (All versions \u003c V25.02.15), SIMATIC ITP1000 (All versions). The affected devices have insufficient protection mechanism for the EFI(Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to alter the secure boot configuration without proper authorization by directly communicate with the flash controller."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-693",
              "description": "CWE-693: Protection Mechanism Failure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-12T08:20:39.507Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-216014.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2024-56181",
    "datePublished": "2025-03-11T09:48:03.703Z",
    "dateReserved": "2024-12-18T12:06:43.292Z",
    "dateUpdated": "2026-05-12T08:20:39.507Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56182 (GCVE-0-2024-56182)

Vulnerability from cvelistv5 – Published: 2025-03-11 09:48 – Updated: 2026-05-12 08:20

Summary

A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC Field PG M6 (All versions < V26.01.12), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC IPC PX-32A (All versions < V29.01.07), SIMATIC IPC PX-39A (All versions < V29.01.07), SIMATIC IPC PX-39A PRO (All versions < V29.01.07), SIMATIC IPC RC-543A (All versions < V36.01.03), SIMATIC IPC RC-543B (All versions < V35.01.12), SIMATIC IPC RW-543A (All versions < V1.1.4), SIMATIC IPC RW-543B (All versions < V35.02.10), SIMATIC IPC127E (All versions < V27.01.11), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions < V28.01.14), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions < V28.01.14), SIMATIC IPC277G PRO (All versions < V28.01.14), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions < V28.01.14), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions < V28.01.14), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions < V25.02.15), SIMATIC IPC647E (All versions < V25.02.15), SIMATIC IPC677E (All versions < V25.02.15), SIMATIC IPC847E (All versions < V25.02.15), SIMATIC ITP1000 (All versions). The affected devices have insufficient protection mechanism for the EFI(Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to disable the BIOS password without proper authorization by directly communicate with the flash controller.

Severity ?

8.2 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

8.4 (High)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H

CWE

CWE-693 - Protection Mechanism Failure

Assigner

siemens

References

1 reference

URL	Tags
https://cert-portal.siemens.com/productcert/html/…

Impacted products

32 products

Vendor	Product	Version
Siemens	SIMATIC Field PG M5	Affected: 0 , < * (custom)
Siemens	SIMATIC Field PG M6	Affected: 0 , < V26.01.12 (custom)
Siemens	SIMATIC IPC BX-21A	Affected: 0 , < V31.01.07 (custom)
Siemens	SIMATIC IPC BX-32A	Affected: 0 , < V29.01.07 (custom)
Siemens	SIMATIC IPC BX-39A	Affected: 0 , < V29.01.07 (custom)
Siemens	SIMATIC IPC BX-59A	Affected: 0 , < V32.01.04 (custom)
Siemens	SIMATIC IPC PX-32A	Affected: 0 , < V29.01.07 (custom)
Siemens	SIMATIC IPC PX-39A	Affected: 0 , < V29.01.07 (custom)
Siemens	SIMATIC IPC PX-39A PRO	Affected: 0 , < V29.01.07 (custom)
Siemens	SIMATIC IPC RC-543A	Affected: 0 , < V36.01.03 (custom)
Siemens	SIMATIC IPC RC-543B	Affected: 0 , < V35.01.12 (custom)
Siemens	SIMATIC IPC RW-543A	Affected: 0 , < V1.1.4 (custom)
Siemens	SIMATIC IPC RW-543B	Affected: 0 , < V35.02.10 (custom)
Siemens	SIMATIC IPC127E	Affected: 0 , < V27.01.11 (custom)
Siemens	SIMATIC IPC227E	Affected: 0 , < * (custom)
Siemens	SIMATIC IPC227G	Affected: 0 , < V28.01.14 (custom)
Siemens	SIMATIC IPC277E	Affected: 0 , < * (custom)
Siemens	SIMATIC IPC277G	Affected: 0 , < V28.01.14 (custom)
Siemens	SIMATIC IPC277G PRO	Affected: 0 , < V28.01.14 (custom)
Siemens	SIMATIC IPC3000 SMART V3	Affected: 0 , < * (custom)
Siemens	SIMATIC IPC327G	Affected: 0 , < V28.01.14 (custom)
Siemens	SIMATIC IPC347G	Affected: 0 , < * (custom)
Siemens	SIMATIC IPC377G	Affected: 0 , < V28.01.14 (custom)
Siemens	SIMATIC IPC427E	Affected: 0 , < * (custom)
Siemens	SIMATIC IPC477E	Affected: 0 , < * (custom)
Siemens	SIMATIC IPC477E PRO	Affected: 0 , < * (custom)
Siemens	SIMATIC IPC527G	Affected: 0 , < * (custom)
Siemens	SIMATIC IPC627E	Affected: 0 , < V25.02.15 (custom)
Siemens	SIMATIC IPC647E	Affected: 0 , < V25.02.15 (custom)
Siemens	SIMATIC IPC677E	Affected: 0 , < V25.02.15 (custom)
Siemens	SIMATIC IPC847E	Affected: 0 , < V25.02.15 (custom)
Siemens	SIMATIC ITP1000	Affected: 0 , < * (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-56182",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-11T14:03:47.493714Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-11T14:05:53.276Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Field PG M5",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Field PG M6",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V26.01.12",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC BX-21A",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V31.01.07",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC BX-32A",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V29.01.07",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC BX-39A",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V29.01.07",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC BX-59A",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V32.01.04",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC PX-32A",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V29.01.07",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC PX-39A",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V29.01.07",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC PX-39A PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V29.01.07",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC RC-543A",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V36.01.03",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC RC-543B",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V35.01.12",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC RW-543A",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V1.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC RW-543B",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V35.02.10",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC127E",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V27.01.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC227E",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC227G",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V28.01.14",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC277E",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC277G",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V28.01.14",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC\u00a0IPC277G PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V28.01.14",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC3000 SMART V3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC327G",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V28.01.14",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC347G",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC377G",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V28.01.14",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC427E",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC477E",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC477E PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC527G",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC627E",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V25.02.15",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC647E",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V25.02.15",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC677E",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V25.02.15",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC847E",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V25.02.15",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ITP1000",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC Field PG M6 (All versions \u003c V26.01.12), SIMATIC IPC BX-21A (All versions \u003c V31.01.07), SIMATIC IPC BX-32A (All versions \u003c V29.01.07), SIMATIC IPC BX-39A (All versions \u003c V29.01.07), SIMATIC IPC BX-59A (All versions \u003c V32.01.04), SIMATIC IPC PX-32A (All versions \u003c V29.01.07), SIMATIC IPC PX-39A (All versions \u003c V29.01.07), SIMATIC IPC PX-39A PRO (All versions \u003c V29.01.07), SIMATIC IPC RC-543A (All versions \u003c V36.01.03), SIMATIC IPC RC-543B (All versions \u003c V35.01.12), SIMATIC IPC RW-543A (All versions \u003c V1.1.4), SIMATIC IPC RW-543B (All versions \u003c V35.02.10), SIMATIC IPC127E (All versions \u003c V27.01.11), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions \u003c V28.01.14), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions \u003c V28.01.14), SIMATIC\u00a0IPC277G PRO (All versions \u003c V28.01.14), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions \u003c V28.01.14), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions \u003c V28.01.14), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions \u003c V25.02.15), SIMATIC IPC647E (All versions \u003c V25.02.15), SIMATIC IPC677E (All versions \u003c V25.02.15), SIMATIC IPC847E (All versions \u003c V25.02.15), SIMATIC ITP1000 (All versions). The affected devices have insufficient protection mechanism for the EFI(Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to disable the BIOS password without proper authorization by directly communicate with the flash controller."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-693",
              "description": "CWE-693: Protection Mechanism Failure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-12T08:20:40.658Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-216014.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2024-56182",
    "datePublished": "2025-03-11T09:48:05.319Z",
    "dateReserved": "2024-12-18T12:06:43.292Z",
    "dateUpdated": "2026-05-12T08:20:40.658Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

SSA-216014

BDU:2025-02901

BDU:2025-04297

CVE-2024-56181 (GCVE-0-2024-56181)

CVE-2024-56182 (GCVE-0-2024-56182)

Tags

Sightings

Nomenclature