CVE-2024-56182

Summary

CVE	CVE-2024-56182
State	PUBLISHED
Assigner	siemens
Source Priority	CVE Program / NVD first with legacy fallback
Published	2025-03-11 10:15:15 UTC
Updated	2026-04-14 09:16:34 UTC
Description	A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC Field PG M6 (All versions < V26.01.12), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC IPC PX-32A (All versions < V29.01.07), SIMATIC IPC PX-39A (All versions < V29.01.07), SIMATIC IPC PX-39A PRO (All versions < V29.01.07), SIMATIC IPC RC-543A (All versions), SIMATIC IPC RC-543B (All versions < V35.01.12), SIMATIC IPC RW-543A (All versions < V1.1.4), SIMATIC IPC RW-543B (All versions < V35.02.10), SIMATIC IPC127E (All versions < V27.01.11), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions < V28.01.14), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions < V28.01.14), SIMATIC IPC277G PRO (All versions < V28.01.14), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions < V28.01.14), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions < V28.01.14), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions < V25.02.15), SIMATIC IPC647E (All versions < V25.02.15), SIMATIC IPC677E (All versions < V25.02.15), SIMATIC IPC847E (All versions < V25.02.15), SIMATIC ITP1000 (All versions). The affected devices have insufficient protection mechanism for the EFI(Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to disable the BIOS password without proper authorization by directly communicate with the flash controller.

Risk And Classification

Primary CVSS: v4.0 8.4 HIGH from [email protected]

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS: 0.000100000 probability, percentile 0.011040000 (date 2026-04-15)

Problem Types: CWE-693 | CWE-693 CWE-693: Protection Mechanism Failure

Version	Source	Type	Score	Severity	Vector
4.0	[email protected]	Secondary	8.4	HIGH	`CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/C...`
4.0	CNA	DECLARED	8.4	HIGH	`CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H`
3.1	[email protected]	Secondary	8.2	HIGH	`CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H`
3.1	CNA	DECLARED	8.2	HIGH	`CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H`

CVSS v4.0 Breakdown

Attack Vector

Local

Attack Complexity

Low

Attack Requirements

None

Privileges Required

High

User Interaction

None

Confidentiality

None

Integrity

High

Availability

High

Sub Conf.

High

Sub Integrity

High

Sub Availability

High

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS v3.1 Breakdown

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Siemens	SIMATIC Field PG M5	affected * custom	Not specified
CNA	Siemens	SIMATIC Field PG M6	affected V26.01.12 custom	Not specified
CNA	Siemens	SIMATIC IPC BX-21A	affected V31.01.07 custom	Not specified
CNA	Siemens	SIMATIC IPC BX-32A	affected V29.01.07 custom	Not specified
CNA	Siemens	SIMATIC IPC BX-39A	affected V29.01.07 custom	Not specified
CNA	Siemens	SIMATIC IPC BX-59A	affected V32.01.04 custom	Not specified
CNA	Siemens	SIMATIC IPC PX-32A	affected V29.01.07 custom	Not specified
CNA	Siemens	SIMATIC IPC PX-39A	affected V29.01.07 custom	Not specified
CNA	Siemens	SIMATIC IPC PX-39A PRO	affected V29.01.07 custom	Not specified
CNA	Siemens	SIMATIC IPC RC-543A	affected * custom	Not specified
CNA	Siemens	SIMATIC IPC RC-543B	affected V35.01.12 custom	Not specified
CNA	Siemens	SIMATIC IPC RW-543A	affected V1.1.4 custom	Not specified
CNA	Siemens	SIMATIC IPC RW-543B	affected V35.02.10 custom	Not specified
CNA	Siemens	SIMATIC IPC127E	affected V27.01.11 custom	Not specified
CNA	Siemens	SIMATIC IPC227E	affected * custom	Not specified
CNA	Siemens	SIMATIC IPC227G	affected V28.01.14 custom	Not specified
CNA	Siemens	SIMATIC IPC277E	affected * custom	Not specified
CNA	Siemens	SIMATIC IPC277G	affected V28.01.14 custom	Not specified
CNA	Siemens	SIMATICIPC277G PRO	affected V28.01.14 custom	Not specified
CNA	Siemens	SIMATIC IPC3000 SMART V3	affected * custom	Not specified
CNA	Siemens	SIMATIC IPC327G	affected V28.01.14 custom	Not specified
CNA	Siemens	SIMATIC IPC347G	affected * custom	Not specified
CNA	Siemens	SIMATIC IPC377G	affected V28.01.14 custom	Not specified
CNA	Siemens	SIMATIC IPC427E	affected * custom	Not specified
CNA	Siemens	SIMATIC IPC477E	affected * custom	Not specified
CNA	Siemens	SIMATIC IPC477E PRO	affected * custom	Not specified
CNA	Siemens	SIMATIC IPC527G	affected * custom	Not specified
CNA	Siemens	SIMATIC IPC627E	affected V25.02.15 custom	Not specified
CNA	Siemens	SIMATIC IPC647E	affected V25.02.15 custom	Not specified
CNA	Siemens	SIMATIC IPC677E	affected V25.02.15 custom	Not specified
CNA	Siemens	SIMATIC IPC847E	affected V25.02.15 custom	Not specified
CNA	Siemens	SIMATIC ITP1000	affected * custom	Not specified

References

Reference	Source	Link	Tags
cert-portal.siemens.com/productcert/html/ssa-216014.html	[email protected]	cert-portal.siemens.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.