As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
1. EXECUTIVE SUMMARY
- CVSS v4 8.4
- ATTENTION: Low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC IPC Family, SIMATIC ITP1000, SIMATIC Field PGs
- Vulnerabilities: Protection Mechanism Failure
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an authenticated attacker to alter the secure boot configuration or to disable the BIOS password.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Siemens reports that the following products are affected:
- Siemens SIMATIC Field PG M5: All versions
- Siemens SIMATIC IPC377G: All versions
- Siemens SIMATIC IPC427E: All versions
- Siemens SIMATIC IPC477E: All versions
- Siemens SIMATIC IPC477E PRO: All versions
- Siemens SIMATIC IPC527G: All versions
- Siemens SIMATIC IPC627E: Versions prior to 25.02.15
- Siemens SIMATIC IPC647E: Versions prior to V25.02.15
- Siemens SIMATIC IPC677E: Versions prior to V25.02.15
- Siemens SIMATIC IPC847E: Versions prior to V25.02.15
- Siemens SIMATIC IPC3000 SMART V3: All versions
- Siemens SIMATIC Field PG M6: Versions prior to V26.01.12 (CVE-2024-56182)
- Siemens SIMATIC IPC BX-21A: Versions prior to V31.01.07
- Siemens SIMATIC IPC BX-32A: Versions prior to V29.01.07
- Siemens SIMATIC IPC BX-39A: Versions prior to V29.01.07
- Siemens SIMATIC IPC BX-59A: Versions prior to V32.01.04
- Siemens SIMATIC IPC PX-32A: Versions prior to V29.01.07
- Siemens SIMATIC IPC PX-39A: Versions prior to V29.01.07
- Siemens SIMATIC IPC PX-39A PRO: Versions prior to V29.01.07
- Siemens SIMATIC IPC RC-543B:
[…]