CVE-2024-56182

Summary

A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC Field PG M6 (All versions < V26.01.12), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC IPC PX-32A (All versions < V29.01.07), SIMATIC IPC PX-39A (All versions < V29.01.07), SIMATIC IPC PX-39A PRO (All versions < V29.01.07), SIMATIC IPC RC-543A (All versions < V36.01.03), SIMATIC IPC RC-543B (All versions < V35.01.12), SIMATIC IPC RW-543A (All versions < V1.1.4), SIMATIC IPC RW-543B (All versions < V35.02.10), SIMATIC IPC127E (All versions < V27.01.11), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions < V28.01.14), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions < V28.01.14), SIMATIC IPC277G PRO (All versions < V28.01.14), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions < V28.01.14), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions < V28.01.14), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions < V25.02.15), SIMATIC IPC647E (All versions < V25.02.15), SIMATIC IPC677E (All versions < V25.02.15), SIMATIC IPC847E (All versions < V25.02.15), SIMATIC ITP1000 (All versions). The affected devices have insufficient protection mechanism for the EFI(Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to disable the BIOS password without proper authorization by directly communicate with the flash controller.

Affected Software

VendorProductVersion RangeStatus
SiemensSIMATIC Field PG M50 < *affected
SiemensSIMATIC Field PG M60 < V26.01.12affected
SiemensSIMATIC IPC BX-21A0 < V31.01.07affected
SiemensSIMATIC IPC BX-32A0 < V29.01.07affected
SiemensSIMATIC IPC BX-39A0 < V29.01.07affected
SiemensSIMATIC IPC BX-59A0 < V32.01.04affected
SiemensSIMATIC IPC PX-32A0 < V29.01.07affected
SiemensSIMATIC IPC PX-39A0 < V29.01.07affected
SiemensSIMATIC IPC PX-39A PRO0 < V29.01.07affected
SiemensSIMATIC IPC RC-543A0 < V36.01.03affected
SiemensSIMATIC IPC RC-543B0 < V35.01.12affected
SiemensSIMATIC IPC RW-543A0 < V1.1.4affected
SiemensSIMATIC IPC RW-543B0 < V35.02.10affected
SiemensSIMATIC IPC127E0 < V27.01.11affected
SiemensSIMATIC IPC227E0 < *affected
SiemensSIMATIC IPC227G0 < V28.01.14affected
SiemensSIMATIC IPC277E0 < *affected
SiemensSIMATIC IPC277G0 < V28.01.14affected
SiemensSIMATIC IPC277G PRO0 < V28.01.14affected
SiemensSIMATIC IPC3000 SMART V30 < *affected
SiemensSIMATIC IPC327G0 < V28.01.14affected
SiemensSIMATIC IPC347G0 < *affected
SiemensSIMATIC IPC377G0 < V28.01.14affected
SiemensSIMATIC IPC427E0 < *affected
SiemensSIMATIC IPC477E0 < *affected
SiemensSIMATIC IPC477E PRO0 < *affected
SiemensSIMATIC IPC527G0 < *affected
SiemensSIMATIC IPC627E0 < V25.02.15affected
SiemensSIMATIC IPC647E0 < V25.02.15affected
SiemensSIMATIC IPC677E0 < V25.02.15affected
SiemensSIMATIC IPC847E0 < V25.02.15affected
SiemensSIMATIC ITP10000 < *affected

Weaknesses

  • CWE-693: CWE-693: Protection Mechanism Failure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References