1. EXECUTIVE SUMMARY
- CVSS v4 8.4
- ATTENTION: Low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC IPC Family, SIMATIC ITP1000, SIMATIC Field PGs
- Vulnerabilities: Protection Mechanism Failure
2. RISK EVALUATION
The vulnerabilities identified in Siemens products pose a significant risk to industrial control systems (ICS). Successful exploitation could enable an authenticated attacker to manipulate the secure boot configuration or disable the BIOS password, potentially leading to unauthorized access and control over critical systems.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Siemens has confirmed that the following products are affected by the vulnerabilities:
- Siemens SIMATIC Field PG M5: All versions
- Siemens SIMATIC IPC377G: All versions
- Siemens SIMATIC IPC427E: All versions
- Siemens SIMATIC IPC477E: All versions
- Siemens SIMATIC IPC477E PRO: All versions
- Siemens SIMATIC IPC527G: All versions
- Siemens SIMATIC IPC627E: Versions prior to 25.02.15
- Siemens SIMATIC IPC647E: Versions prior to V25.02.15
- Siemens SIMATIC IPC677E: Versions prior to V25.02.15
- Siemens SIMATIC IPC847E: Versions prior to V25.02.15
- Siemens SIMATIC IPC3000 SMART V3: All versions
- Siemens SIMATIC Field PG M6: Versions prior to V26.01.12 (CVE-2024-56182)
- Siemens SIMATIC IPC BX-21A: Versions prior to V31.01.07
- Siemens SIMATIC IPC BX-32A: Versions prior to V29.01.07
- Siemens SIMATIC IPC BX-39A: Versions prior to V29.01.07
- Siemens SIMATIC IPC BX-59A: Versions prior to V32.01.04
- Siemens SIMATIC IPC PX-32A: Versions prior to V29.01.07
- Siemens SIMATIC IPC PX-39A: Versions prior to V29.01.07
- Siemens SIMATIC IPC PX-39A PRO: Versions prior to V29.01.07
- Siemens SIMATIC IPC RC-543B: All versions
- Siemens SIMATIC IPC RW-543A: All versions
- Siemens SIMATIC ITP1000: All versions
- Siemens SIMATIC IPC127E: All versions
- Siemens SIMATIC IPC277G PRO: All versions
- Siemens SIMATIC IPC227E: All versions
- Siemens SIMATIC IPC227G: All versions
- Siemens SIMATIC IPC277E: All versions
- Siemens SIMATIC IPC277G: All versions
- Siemens SIMATIC IPC327G: All versions
- Siemens SIMATIC IPC347G: All versions
3.2 VULNERABILITY OVERVIEW
3.2.1 PROTECTION MECHANISM FAILURE CWE-693
The affected devices exhibit a failure in their protection mechanisms concerning the EFI (Extensible Firmware Interface) variables stored on the device. This vulnerability allows an authenticated attacker to alter the secure boot configuration without proper authorization by directly communicating with the flash controller.
CVE-2024-56181 has been assigned to this vulnerability, with a CVSS v3 base score of 8.2. The CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2024-56181, resulting in a base score of 8.4, with the CVSS vector string being (CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H).
3.2.2 PROTECTION MECHANISM FAILURE CWE-693
This vulnerability also allows an authenticated attacker to disable the BIOS password without proper authorization by directly communicating with the flash controller. This could lead to unauthorized access to the system.
CVE-2024-56182 has been assigned to this vulnerability, with a CVSS v3 base score of 8.2.




