8.4
CVE-2024-56182
- EPSS 0.03%
- Veröffentlicht 11.03.2025 09:48:05
- Zuletzt bearbeitet 10.06.2025 16:15:35
- Quelle productcert@siemens.com
- Teams Watchlist Login
- Unerledigt Login
A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC Field PG M6 (All versions < V26.01.12), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC IPC PX-32A (All versions < V29.01.07), SIMATIC IPC PX-39A (All versions < V29.01.07), SIMATIC IPC PX-39A PRO (All versions < V29.01.07), SIMATIC IPC RC-543A (All versions), SIMATIC IPC RC-543B (All versions), SIMATIC IPC RW-543A (All versions), SIMATIC IPC RW-543B (All versions), SIMATIC IPC127E (All versions), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions), SIMATIC IPC277G PRO (All versions), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions < V25.02.15), SIMATIC IPC647E (All versions < V25.02.15), SIMATIC IPC677E (All versions < V25.02.15), SIMATIC IPC847E (All versions < V25.02.15), SIMATIC ITP1000 (All versions). The affected devices have insufficient protection mechanism for the EFI(Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to disable the BIOS password without proper authorization by directly communicate with the flash controller.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerSiemens
≫
Produkt
SIMATIC Field PG M5
Default Statusunknown
Version <
*
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC Field PG M6
Default Statusunknown
Version <
V26.01.12
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC IPC BX-21A
Default Statusunknown
Version <
V31.01.07
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC IPC BX-32A
Default Statusunknown
Version <
V29.01.07
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC IPC BX-39A
Default Statusunknown
Version <
V29.01.07
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC IPC BX-59A
Default Statusunknown
Version <
V32.01.04
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC IPC PX-32A
Default Statusunknown
Version <
V29.01.07
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC IPC PX-39A
Default Statusunknown
Version <
V29.01.07
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC IPC PX-39A PRO
Default Statusunknown
Version <
V29.01.07
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC IPC RC-543A
Default Statusunknown
Version <
*
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC IPC RC-543B
Default Statusunknown
Version <
*
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC IPC RW-543A
Default Statusunknown
Version <
*
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC IPC RW-543B
Default Statusunknown
Version <
*
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC IPC127E
Default Statusunknown
Version <
*
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC IPC227E
Default Statusunknown
Version <
*
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC IPC227G
Default Statusunknown
Version <
*
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC IPC277E
Default Statusunknown
Version <
*
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC IPC277G
Default Statusunknown
Version <
*
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC IPC277G PRO
Default Statusunknown
Version <
*
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC IPC3000 SMART V3
Default Statusunknown
Version <
*
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC IPC327G
Default Statusunknown
Version <
*
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC IPC347G
Default Statusunknown
Version <
*
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC IPC377G
Default Statusunknown
Version <
*
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC IPC427E
Default Statusunknown
Version <
*
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC IPC477E
Default Statusunknown
Version <
*
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC IPC477E PRO
Default Statusunknown
Version <
*
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC IPC527G
Default Statusunknown
Version <
*
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC IPC627E
Default Statusunknown
Version <
V25.02.15
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC IPC647E
Default Statusunknown
Version <
V25.02.15
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC IPC677E
Default Statusunknown
Version <
V25.02.15
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC IPC847E
Default Statusunknown
Version <
V25.02.15
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC ITP1000
Default Statusunknown
Version <
*
Version
0
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.059 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| productcert@siemens.com | 8.4 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| productcert@siemens.com | 8.2 | 1.5 | 6 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
|
CWE-693 Protection Mechanism Failure
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.