CVE-2024-56181

Published: Mar 11, 2025

Modified: May 12, 2026

PUBLISHED

CVSS v3.1

8.2

HIGH

Description

A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC IPC PX-32A (All versions < V29.01.07), SIMATIC IPC PX-39A (All versions < V29.01.07), SIMATIC IPC PX-39A PRO (All versions < V29.01.07), SIMATIC IPC RC-543A (All versions < V36.01.03), SIMATIC IPC RC-543B (All versions < V35.01.12), SIMATIC IPC RW-543A (All versions < V1.1.4), SIMATIC IPC RW-543B (All versions < V35.02.10), SIMATIC IPC127E (All versions < V27.01.11), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions < V28.01.14), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions < V28.01.14), SIMATIC IPC277G PRO (All versions < V28.01.14), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions < V28.01.14), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions < V28.01.14), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions < V25.02.15), SIMATIC IPC647E (All versions < V25.02.15), SIMATIC IPC677E (All versions < V25.02.15), SIMATIC IPC847E (All versions < V25.02.15), SIMATIC ITP1000 (All versions). The affected devices have insufficient protection mechanism for the EFI(Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to alter the secure boot configuration without proper authorization by directly communicate with the flash controller.

Vendor	Product	Versions
Siemens	SIMATIC Field PG M5	affected `0 - < *`
Siemens	SIMATIC IPC BX-21A	affected `0 - < V31.01.07`
Siemens	SIMATIC IPC BX-32A	affected `0 - < V29.01.07`
Siemens	SIMATIC IPC BX-39A	affected `0 - < V29.01.07`
Siemens	SIMATIC IPC BX-59A	affected `0 - < V32.01.04`
Siemens	SIMATIC IPC PX-32A	affected `0 - < V29.01.07`
Siemens	SIMATIC IPC PX-39A	affected `0 - < V29.01.07`
Siemens	SIMATIC IPC PX-39A PRO	affected `0 - < V29.01.07`
Siemens	SIMATIC IPC RC-543A	affected `0 - < V36.01.03`
Siemens	SIMATIC IPC RC-543B	affected `0 - < V35.01.12`
Siemens	SIMATIC IPC RW-543A	affected `0 - < V1.1.4`
Siemens	SIMATIC IPC RW-543B	affected `0 - < V35.02.10`
Siemens	SIMATIC IPC127E	affected `0 - < V27.01.11`
Siemens	SIMATIC IPC227E	affected `0 - < *`
Siemens	SIMATIC IPC227G	affected `0 - < V28.01.14`
Siemens	SIMATIC IPC277E	affected `0 - < *`
Siemens	SIMATIC IPC277G	affected `0 - < V28.01.14`
Siemens	SIMATIC IPC277G PRO	affected `0 - < V28.01.14`
Siemens	SIMATIC IPC3000 SMART V3	affected `0 - < *`
Siemens	SIMATIC IPC327G	affected `0 - < V28.01.14`
Siemens	SIMATIC IPC347G	affected `0 - < *`
Siemens	SIMATIC IPC377G	affected `0 - < V28.01.14`
Siemens	SIMATIC IPC427E	affected `0 - < *`
Siemens	SIMATIC IPC477E	affected `0 - < *`
Siemens	SIMATIC IPC477E PRO	affected `0 - < *`
Siemens	SIMATIC IPC527G	affected `0 - < *`
Siemens	SIMATIC IPC627E	affected `0 - < V25.02.15`
Siemens	SIMATIC IPC647E	affected `0 - < V25.02.15`
Siemens	SIMATIC IPC677E	affected `0 - < V25.02.15`
Siemens	SIMATIC IPC847E	affected `0 - < V25.02.15`
Siemens	SIMATIC ITP1000	affected `0 - < *`

Weaknesses (CWE)

CWE-693

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

References

https://cert-portal.siemens.com/productcert/html/ssa-216014.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-56181

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References