CVE-2024-56182

Description

A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC Field PG M6 (All versions < V26.01.12), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC IPC PX-32A (All versions < V29.01.07), SIMATIC IPC PX-39A (All versions < V29.01.07), SIMATIC IPC PX-39A PRO (All versions < V29.01.07), SIMATIC IPC RC-543B (All versions), SIMATIC IPC RW-543A (All versions), SIMATIC IPC127E (All versions), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions), SIMATIC IPC277G PRO (All versions), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions < V25.02.15), SIMATIC IPC647E (All versions < V25.02.15), SIMATIC IPC677E (All versions < V25.02.15), SIMATIC IPC847E (All versions < V25.02.15), SIMATIC ITP1000 (All versions). The affected devices have insufficient protection mechanisms for the EFI (Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to disable the BIOS password without proper authorization by directly communicating with the flash controller.

Category

CVSS: 8.4
Severity: High
EPSS 0.02%
Affected: Siemens SIMATIC Field PG M5
Affected: Siemens SIMATIC Field PG M6
Affected: Siemens SIMATIC IPC BX-21A
Affected: Siemens SIMATIC IPC BX-32A
Affected: Siemens SIMATIC IPC BX-39A
Affected: Siemens SIMATIC IPC BX-59A
Affected: Siemens SIMATIC IPC PX-32A
Affected: Siemens SIMATIC IPC PX-39A
Affected: Siemens SIMATIC IPC PX-39A PRO
Affected: Siemens SIMATIC IPC RC-543B
Affected: Siemens SIMATIC IPC RW-543A
Affected: Siemens SIMATIC IPC127E
Affected: Siemens SIMATIC IPC227E
Affected: Siemens SIMATIC IPC227G
Affected: Siemens SIMATIC IPC277E
Affected: Siemens SIMATIC IPC277G
Affected: Siemens SIMATIC IPC277G PRO
Affected: Siemens SIMATIC IPC3000 SMART V3
Affected: Siemens SIMATIC IPC327G
Affected: Siemens SIMATIC IPC347G
Affected: Siemens SIMATIC IPC377G
Affected: Siemens SIMATIC IPC427E
Affected: Siemens SIMATIC IPC477E
Affected: Siemens SIMATIC IPC477E PRO
Affected: Siemens SIMATIC IPC527G
Affected: Siemens SIMATIC IPC627E
Affected: Siemens SIMATIC IPC647E
Affected: Siemens SIMATIC IPC677E
Affected: Siemens SIMATIC IPC847E
Affected: Siemens SIMATIC ITP1000
Published at:
Updated at:

References

Frequently Asked Questions

What is the severity of CVE-2024-56182?
CVE-2024-56182 has been scored as a high severity vulnerability.
How to fix CVE-2024-56182?
To fix CVE-2024-56182, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As of now, there are no other specific guidelines available.
Is CVE-2024-56182 being actively exploited in the wild?
As of now, there is no information to confirm that CVE-2024-56182 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-56182?
CVE-2024-56182 affects Siemens SIMATIC Field PG M5, Siemens SIMATIC Field PG M6, Siemens SIMATIC IPC BX-21A, Siemens SIMATIC IPC BX-32A, Siemens SIMATIC IPC BX-39A, Siemens SIMATIC IPC BX-59A, Siemens SIMATIC IPC PX-32A, Siemens SIMATIC IPC PX-39A, Siemens SIMATIC IPC PX-39A PRO, Siemens SIMATIC IPC RC-543B, Siemens SIMATIC IPC RW-543A, Siemens SIMATIC IPC127E, Siemens SIMATIC IPC227E, Siemens SIMATIC IPC227G, Siemens SIMATIC IPC277E, Siemens SIMATIC IPC277G, Siemens SIMATIC IPC277G PRO, Siemens SIMATIC IPC3000 SMART V3, Siemens SIMATIC IPC327G, Siemens SIMATIC IPC347G, Siemens SIMATIC IPC377G, Siemens SIMATIC IPC427E, Siemens SIMATIC IPC477E, Siemens SIMATIC IPC477E PRO, Siemens SIMATIC IPC527G, Siemens SIMATIC IPC627E, Siemens SIMATIC IPC647E, Siemens SIMATIC IPC677E, Siemens SIMATIC IPC847E, Siemens SIMATIC ITP1000.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.