CVE-2024-56181
Essential information
- Published
- 11/03/2025 10:15
- Modified
- 11/03/2025 10:15
- Author
- —
- Creator
- —
- CVSS
- 8.2 HIGH (v3.1)
- CISA KEV
- No
- CWE
- —
- CVSS vector
-
—
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H—
CVSS metrics
- Access vector
- —
- Access complexity
- —
- Authentication
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploitability
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- LOCAL
- Attack complexity
- LOW
- Privileges required
- HIGH
- User interaction
- NONE
- Scope
- CHANGED
- Confidentiality impact
- HIGH
- Integrity impact
- HIGH
- Availability impact
- HIGH
- Exploit code maturity
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- —
- Attack complexity
- —
- Attack requirements
- —
- Privileges required
- —
- User interaction
- —
- Confidentiality (V)
- —
- Confidentiality (S)
- —
- Integrity (V)
- —
- Integrity (S)
- —
- Availability (V)
- —
- Availability (S)
- —
- Exploit maturity
- —
Description
A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC IPC PX-32A (All versions < V29.01.07), SIMATIC IPC PX-39A (All versions < V29.01.07), SIMATIC IPC PX-39A PRO (All versions < V29.01.07), SIMATIC IPC RC-543B (All versions), SIMATIC IPC RW-543A (All versions), SIMATIC IPC127E (All versions), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions), SIMATIC IPC277G PRO (All versions), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions < V25.02.15), SIMATIC IPC647E (All versions < V25.02.15), SIMATIC IPC677E (All versions < V25.02.15), SIMATIC IPC847E (All versions < V25.02.15), SIMATIC ITP1000 (All versions). The affected devices have insufficient protection mechanism for the EFI(Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to alter the secure boot configuration without proper authorization by directly communicate with the flash controller.
NVD status
- Status
- Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
- Source
- [email protected]
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| siemens / simatic field pg m5 | cpe:2.3:a:siemens:simatic_field_pg_m5:*:*:*:*:*:*:*:* |
| siemens / simatic ipc bx-21a | cpe:2.3:a:siemens:simatic_ipc_bx-21a:*:*:*:*:*:*:*:* |
| siemens / simatic ipc bx-32a | cpe:2.3:a:siemens:simatic_ipc_bx-32a:*:*:*:*:*:*:*:* |
| siemens / simatic ipc bx-39a | cpe:2.3:a:siemens:simatic_ipc_bx-39a:*:*:*:*:*:*:*:* |
| siemens / simatic ipc bx-59a | cpe:2.3:a:siemens:simatic_ipc_bx-59a:*:*:*:*:*:*:*:* |
| siemens / simatic ipc px-32a | cpe:2.3:a:siemens:simatic_ipc_px-32a:*:*:*:*:*:*:*:* |
| siemens / simatic ipc px-39a | cpe:2.3:a:siemens:simatic_ipc_px-39a:*:*:*:*:*:*:*:* |
| siemens / simatic ipc rc-543b | cpe:2.3:a:siemens:simatic_ipc_rc-543b:*:*:*:*:*:*:*:* |
| siemens / simatic ipc rw-543a | cpe:2.3:a:siemens:simatic_ipc_rw-543a:*:*:*:*:*:*:*:* |
| siemens / simatic ipc127e | cpe:2.3:a:siemens:simatic_ipc127e:*:*:*:*:*:*:*:* |
| siemens / simatic ipc227e | cpe:2.3:a:siemens:simatic_ipc227e:*:*:*:*:*:*:*:* |
| siemens / simatic ipc277e | cpe:2.3:a:siemens:simatic_ipc277e:*:*:*:*:*:*:*:* |
| siemens / simatic ipc3000 smart v3 | cpe:2.3:a:siemens:simatic_ipc3000_smart_v3:*:*:*:*:*:*:*:* |