SSA-216014

Siemens Security Advisory by Siemens ProductCERT

SSA-216014: Vulnerabilities in EFI variable of SIMATIC IPCs, SIMATIC Tablet PCs, and SIMATIC Field PGs

Publication Date:	2025-03-11
Last Update:	2025-06-10
Current Version:	V1.1
CVSS v3.1 Base Score:	8.2
CVSS v4.0 Base Score:	8.4

SUMMARY

Multiple vulnerabilities has been identified in Siemens SIMATIC IPCs, SIMATIC Tablet PCs, and SIMATIC Field PGs that can allow an authenticated attacker to alter the secure boot and password configurations.

Siemens has released new versions of BIOS for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.

KNOWN AFFECTED PRODUCTS

Un-/Collapse All

Affected Product and Versions	Remediation
SIMATIC Field PG	Show more details See recommendations from section Workarounds and Mitigations
SIMATIC Field PG M5 All versions affected by all CVEs CVE-2024-56181 CVE-2024-56182	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIMATIC Field PG M6 All versions < V26.01.12 affected by CVE-2024-56182	Update to V26.01.12 or later version https://support.industry.siemens.com/cs/ww/en/view/109763408/ See further recommendations from section Workarounds and Mitigations
SIMATIC IPC family	Show more details See recommendations from section Workarounds and Mitigations
SIMATIC IPC BX-21A All versions < V31.01.07 affected by all CVEs CVE-2024-56181 CVE-2024-56182	Update to V31.01.07 or later version https://support.industry.siemens.com/cs/ww/en/view/109763408/ See further recommendations from section Workarounds and Mitigations
SIMATIC IPC BX-32A All versions < V29.01.07 affected by all CVEs CVE-2024-56181 CVE-2024-56182	Update to V29.01.07 or later version https://support.industry.siemens.com/cs/ww/en/view/109763408/ See further recommendations from section Workarounds and Mitigations
SIMATIC IPC BX-39A / IPC PX-39A / IPC PX-39A PRO	Update to V29.01.07 or later version https://support.industry.siemens.com/cs/ww/en/view/109763408/ See recommendations from section Workarounds and Mitigations
SIMATIC IPC BX-39A All versions < V29.01.07 affected by all CVEs CVE-2024-56181 CVE-2024-56182	Update to V29.01.07 or later version https://support.industry.siemens.com/cs/ww/en/view/109763408/ See further recommendations from section Workarounds and Mitigations
SIMATIC IPC PX-39A All versions < V29.01.07 affected by all CVEs CVE-2024-56181 CVE-2024-56182	Update to V29.01.07 or later version https://support.industry.siemens.com/cs/ww/en/view/109763408/ See further recommendations from section Workarounds and Mitigations
SIMATIC IPC PX-39A PRO All versions < V29.01.07 affected by all CVEs CVE-2024-56181 CVE-2024-56182	Update to V29.01.07 or later version https://support.industry.siemens.com/cs/ww/en/view/109763408/ See further recommendations from section Workarounds and Mitigations
SIMATIC IPC BX-59A All versions < V32.01.04 affected by all CVEs CVE-2024-56181 CVE-2024-56182	Update to V32.01.04 or later version https://support.industry.siemens.com/cs/ww/en/view/109763408/ See further recommendations from section Workarounds and Mitigations
SIMATIC IPC PX-32A All versions < V29.01.07 affected by all CVEs CVE-2024-56181 CVE-2024-56182	Update to V29.01.07 or later version https://support.industry.siemens.com/cs/ww/en/view/109763408/ See further recommendations from section Workarounds and Mitigations
SIMATIC IPC RC-543A All versions affected by all CVEs CVE-2024-56181 CVE-2024-56182	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIMATIC IPC RC-543B All versions affected by all CVEs CVE-2024-56181 CVE-2024-56182	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIMATIC IPC RW-543A All versions affected by all CVEs CVE-2024-56181 CVE-2024-56182	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIMATIC IPC RW-543B All versions affected by all CVEs CVE-2024-56181 CVE-2024-56182	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIMATIC IPC127E All versions affected by all CVEs CVE-2024-56181 CVE-2024-56182	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIMATIC IPC227E All versions affected by all CVEs CVE-2024-56181 CVE-2024-56182	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC IPC227G / IPC277G / IPC277G PRO / IPC327G / IPC377G	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIMATIC IPC227G All versions affected by all CVEs CVE-2024-56181 CVE-2024-56182	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIMATIC IPC277G All versions affected by all CVEs CVE-2024-56181 CVE-2024-56182	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIMATIC IPC277G PRO All versions affected by all CVEs CVE-2024-56181 CVE-2024-56182	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIMATIC IPC327G All versions affected by all CVEs CVE-2024-56181 CVE-2024-56182	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIMATIC IPC377G All versions affected by all CVEs CVE-2024-56181 CVE-2024-56182	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIMATIC IPC277E All versions affected by all CVEs CVE-2024-56181 CVE-2024-56182	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC IPC3000 SMART V3 All versions affected by all CVEs CVE-2024-56181 CVE-2024-56182	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC IPC347G All versions affected by all CVEs CVE-2024-56181 CVE-2024-56182	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC IPC427E / IPC477E / IPC477E PRO	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIMATIC IPC427E All versions affected by all CVEs CVE-2024-56181 CVE-2024-56182	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIMATIC IPC477E All versions affected by all CVEs CVE-2024-56181 CVE-2024-56182	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIMATIC IPC477E PRO All versions affected by all CVEs CVE-2024-56181 CVE-2024-56182	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIMATIC IPC527G All versions affected by all CVEs CVE-2024-56181 CVE-2024-56182	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC IPC627E / IPC647E / IPC677E / IPC847E	Update to V25.02.15 or later version https://support.industry.siemens.com/cs/ww/en/view/109763408/ See recommendations from section Workarounds and Mitigations
SIMATIC IPC627E All versions < V25.02.15 affected by all CVEs CVE-2024-56181 CVE-2024-56182	Update to V25.02.15 or later version https://support.industry.siemens.com/cs/ww/en/view/109763408/ See further recommendations from section Workarounds and Mitigations
SIMATIC IPC647E All versions < V25.02.15 affected by all CVEs CVE-2024-56181 CVE-2024-56182	Update to V25.02.15 or later version https://support.industry.siemens.com/cs/ww/en/view/109763408/ See further recommendations from section Workarounds and Mitigations
SIMATIC IPC677E All versions < V25.02.15 affected by all CVEs CVE-2024-56181 CVE-2024-56182	Update to V25.02.15 or later version https://support.industry.siemens.com/cs/ww/en/view/109763408/ See further recommendations from section Workarounds and Mitigations
SIMATIC IPC847E All versions < V25.02.15 affected by all CVEs CVE-2024-56181 CVE-2024-56182	Update to V25.02.15 or later version https://support.industry.siemens.com/cs/ww/en/view/109763408/ See further recommendations from section Workarounds and Mitigations
SIMATIC ITP1000 All versions affected by all CVEs CVE-2024-56181 CVE-2024-56182	Currently no fix is available See recommendations from section Workarounds and Mitigations

WORKAROUNDS AND MITIGATIONS

Siemens has identified the following specific workarounds and mitigations that customers can apply to reduce the risk:

CVE-2024-56181, CVE-2024-56182: Restrict access to root/administrator permission for the operating system

Please follow the General Security Recommendations.

GENERAL SECURITY RECOMMENDATIONS

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

PRODUCT DESCRIPTION

SIMATIC IPC (Industrial PC) is the hardware platform for PC-based automation from Siemens.

VULNERABILITY DESCRIPTION

Un-/Collapse All

This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.

Vulnerability CVE-2024-56181

The affected devices have insufficient protection mechanism for the EFI(Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to alter the secure boot configuration without proper authorization by directly communicate with the flash controller.

CVSS v3.1 Base Score	8.2
CVSS v3.1 Vector	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVSS v4.0 Base Score	8.4
CVSS v4.0 Vector	CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H
CWE	CWE-693: Protection Mechanism Failure

Vulnerability CVE-2024-56182

The affected devices have insufficient protection mechanism for the EFI(Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to disable the BIOS password without proper authorization by directly communicate with the flash controller.

CVSS v3.1 Base Score	8.2
CVSS v3.1 Vector	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVSS v4.0 Base Score	8.4
CVSS v4.0 Vector	CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H
CWE	CWE-693: Protection Mechanism Failure

ADDITIONAL INFORMATION

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

HISTORY DATA

V1.0 (2025-03-11):	Publication Date
V1.1 (2025-06-10):	Added SIMATIC IPC RC-543A and RW-543B; Updated SIMATIC IPC3000 Smart V3, IPC 347G, IPC 527G

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.