CVE-2024-56182
First published: Tue Mar 11 2025(Updated: )
A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC Field PG M6 (All versions < V26.01.12), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC IPC PX-32A (All versions < V29.01.07), SIMATIC IPC PX-39A (All versions < V29.01.07), SIMATIC IPC PX-39A PRO (All versions < V29.01.07), SIMATIC IPC RC-543B (All versions), SIMATIC IPC RW-543A (All versions), SIMATIC IPC127E (All versions), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions), SIMATIC IPC277G PRO (All versions), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions < V25.02.15), SIMATIC IPC647E (All versions < V25.02.15), SIMATIC IPC677E (All versions < V25.02.15), SIMATIC IPC847E (All versions < V25.02.15), SIMATIC ITP1000 (All versions). The affected devices have insufficient protection mechanism for the EFI(Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to disable the BIOS password without proper authorization by directly communicate with the flash controller.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Simatic Field PG M5 | =All versions | |
| Siemens Simatic Field PG M6 Firmware | <V26.01.12 | |
| Siemens SIMATIC IPC BX-21A | <V31.01.07 | |
| Siemens SIMATIC IPC BX-32A | <V29.01.07 | |
| Siemens SIMATIC IPC BX-39A | <V29.01.07 | |
| Siemens SIMATIC IPC BX-59A | <V32.01.04 | |
| Siemens SIMATIC IPC PX-32A | <V29.01.07 | |
| Siemens SIMATIC IPC PX-39A PRO | <V29.01.07 | |
| Siemens SIMATIC IPC PX-39A PRO | <V29.01.07 | |
| Siemens SIMATIC IPC RC-543B | =All versions | |
| Siemens SIMATIC IPC | =All versions | |
| Siemens Simatic IPC127E Firmware | =All versions | |
| Siemens SIMATIC IPC227E | =All versions | |
| Siemens Simatic IPC227G Firmware | =All versions | |
| Siemens SIMATIC IPC277E | =All versions | |
| Siemens SIMATIC IPC277G PRO | =All versions | |
| Siemens SIMATIC IPC277G PRO | =All versions | |
| Siemens SIMATIC IPC3000 SMART V3 | =All versions | |
| Siemens Simatic IPC327G Firmware | =All versions | |
| Siemens SIMATIC IPC347G | =All versions | |
| Siemens Simatic IPC377G | =All versions | |
| Siemens Simatic IPC427E Firmware | =All versions | |
| Siemens Simatic IPC477E Firmware | =All versions | |
| Siemens Simatic IPC477E Firmware | =All versions | |
| Siemens Simatic IPC527G Firmware | =All versions | |
| Siemens Simatic IPC627E Firmware | <V25.02.15 | |
| Siemens Simatic IPC647E Firmware | <V25.02.15 | |
| Siemens Simatic IPC677E Firmware | <V25.02.15 | |
| Siemens Simatic IPC847E Firmware | <V25.02.15 | |
| Siemens Simatic ITP1000 Firmware | =All versions |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-56182?
CVE-2024-56182 has been classified with a high severity rating due to potential impacts on device integrity and availability.
How do I fix CVE-2024-56182?
To remediate CVE-2024-56182, update your affected SIMATIC devices to the latest available versions as specified by Siemens.
Which devices are affected by CVE-2024-56182?
CVE-2024-56182 affects multiple Siemens SIMATIC devices including Field PG M5, Field PG M6, and various IPC models.
What are the potential risks of CVE-2024-56182?
The risks of CVE-2024-56182 include unauthorized access and manipulation of critical systems using the affected devices.
Is there a specific patch available for CVE-2024-56182?
Yes, Siemens has released specific updates and patches for all impacted devices to address CVE-2024-56182.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/author
- agent/source
- agent/tags
- agent/event
- vendor/siemens
- canonical/siemens simatic field pg m5
- canonical/siemens simatic field pg m6 firmware
- canonical/siemens simatic ipc bx-21a
- canonical/siemens simatic ipc bx-32a
- canonical/siemens simatic ipc bx-39a
- canonical/siemens simatic ipc bx-59a
- canonical/siemens simatic ipc px-32a
- canonical/siemens simatic ipc px-39a pro
- canonical/siemens simatic ipc rc-543b
- canonical/siemens simatic ipc
- canonical/siemens simatic ipc127e firmware
- canonical/siemens simatic ipc227e
- canonical/siemens simatic ipc227g firmware
- canonical/siemens simatic ipc277e
- canonical/siemens simatic ipc277g pro
- canonical/siemens simatic ipc3000 smart v3
- canonical/siemens simatic ipc327g firmware
- canonical/siemens simatic ipc347g
- canonical/siemens simatic ipc377g
- canonical/siemens simatic ipc427e firmware
- canonical/siemens simatic ipc477e firmware
- canonical/siemens simatic ipc527g firmware
- canonical/siemens simatic ipc627e firmware
- canonical/siemens simatic ipc647e firmware
- canonical/siemens simatic ipc677e firmware
- canonical/siemens simatic ipc847e firmware
- canonical/siemens simatic itp1000 firmware