CVE-2024-56181
Published: 11 March 2025
Description
Adversaries may modify system firmware to persist on systems.
Security Summary
CVE-2024-56181 is a vulnerability in SIMATIC Field PG M5 and a range of SIMATIC IPC models. The affected devices do not properly protect the EFI (Extensible Firmware Interface) variables stored on the device, which is classified as CWE-693 (Protection Mechanism Failure) and carries a CVSS v3.1 base score of 8.2 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

Affected products, with the fixed version where one is given ("all versions" means no fixed version is listed here):
- SIMATIC Field PG M5: all versions
- SIMATIC IPC BX-21A: all versions < V31.01.07
- SIMATIC IPC BX-32A: all versions < V29.01.07
- SIMATIC IPC BX-39A: all versions < V29.01.07
- SIMATIC IPC BX-59A: all versions < V32.01.04
- SIMATIC IPC PX-32A: all versions < V29.01.07
- SIMATIC IPC PX-39A: all versions < V29.01.07
- SIMATIC IPC PX-39A PRO: all versions < V29.01.07
- SIMATIC IPC RC-543A: all versions
- SIMATIC IPC RC-543B: all versions < V35.01.12
- SIMATIC IPC RW-543A: all versions < V1.1.4
- SIMATIC IPC RW-543B: all versions < V35.02.10
- SIMATIC IPC127E: all versions < V27.01.11
- SIMATIC IPC227E: all versions
- SIMATIC IPC227G: all versions < V28.01.14
- SIMATIC IPC277E: all versions
- SIMATIC IPC277G: all versions < V28.01.14
- SIMATIC IPC277G PRO: all versions < V28.01.14
- SIMATIC IPC3000 SMART V3: all versions
- SIMATIC IPC327G: all versions < V28.01.14
- SIMATIC IPC347G: all versions
- SIMATIC IPC377G: all versions < V28.01.14
- SIMATIC IPC427E: all versions
- SIMATIC IPC477E: all versions
- SIMATIC IPC477E PRO: all versions
- SIMATIC IPC527G: all versions
- SIMATIC IPC627E: all versions < V25.02.15
- SIMATIC IPC647E: all versions < V25.02.15
- SIMATIC IPC677E: all versions < V25.02.15
- SIMATIC IPC847E: all versions < V25.02.15
- SIMATIC ITP1000: all versions

An attacker who already holds high privileges on the device (PR:H, for example administrator or kernel-level code on the installed operating system) and has local access (AV:L) can exploit the weakness with low attack complexity and no user interaction. Instead of going through the firmware's variable services, the attacker communicates directly with the flash controller and alters the Secure Boot configuration without authorization. The practical implication is that the variable store's write protection is not enforced at the flash level: the authenticated-write checks that the UEFI SetVariable() service applies to PK, KEK, db and dbx offer no defence against a writer that bypasses that service. The scope is changed (S:C) because the compromised component is the platform firmware rather than the attacker's own privilege domain, so the effect extends to every subsequent boot of the device; confidentiality, integrity and availability are each rated high (C:H/I:H/A:H) because an attacker who controls what Secure Boot trusts can load unsigned boot components that survive an OS reinstall.
Siemens security advisory SSA-216014, available at https://cert-portal.siemens.com/productcert/html/ssa-216014.html, provides details on mitigations, including firmware updates to the fixed versions listed above. For the products listed as affected in all versions no fixed version is given here; consult the advisory for their status and for any workarounds.
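Because the flaw lets a privileged attacker rewrite the Secure Boot configuration behind the firmware's back, the defensive check a practitioner wants is a baseline of the Secure Boot variables taken after the firmware update and compared on every boot. The script below is an added example and is not code from Siemens or from the advisory. It assumes the Linux efivarfs file layout (a 4-byte little-endian attribute word followed by the variable data), the standard EFI_GLOBAL_VARIABLE and EFI_IMAGE_SECURITY_DATABASE GUIDs, and a constructed sample variable store; the signature-database bodies are placeholders, not captured from an affected SIMATIC IPC.

```python
"""Baseline and drift check for UEFI Secure Boot variables via Linux efivarfs.

Added example, not Siemens code. Assumes the efivarfs file layout
(4-byte LE attributes + data) and the standard EFI GUIDs; the sample
store below is constructed for the demo.
"""
import hashlib
import struct
from pathlib import Path

EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"      # EFI_GLOBAL_VARIABLE
EFI_IMAGE_SEC = "d719b2cb-3d3a-4596-a3bc-dad00e67656f"   # EFI_IMAGE_SECURITY_DATABASE

# UEFI variable attribute bits as defined for SetVariable().
NON_VOLATILE = 0x01
BOOTSERVICE_ACCESS = 0x02
RUNTIME_ACCESS = 0x04
TIME_BASED_AUTH_WRITE = 0x20

# Variables that together make up the Secure Boot configuration.
SECURE_BOOT_VARS = {
    "SecureBoot": EFI_GLOBAL, "SetupMode": EFI_GLOBAL,
    "PK": EFI_GLOBAL, "KEK": EFI_GLOBAL,
    "db": EFI_IMAGE_SEC, "dbx": EFI_IMAGE_SEC,
}
# Key and signature databases must only accept time-based authenticated writes.
MUST_BE_AUTHENTICATED = ("PK", "KEK", "db", "dbx")


def parse_efivar(raw: bytes):
    """Split one efivarfs file into (attributes, data)."""
    if len(raw) < 4:
        raise ValueError("efivarfs entry shorter than the 4-byte attribute header")
    (attrs,) = struct.unpack("<I", raw[:4])
    return attrs, raw[4:]


def snapshot(store):
    """Map variable name -> {attrs, sha256, data} for the Secure Boot variables present."""
    snap = {}
    for name, guid in SECURE_BOOT_VARS.items():
        raw = store.get(f"{name}-{guid}")
        if raw is None:
            continue
        attrs, data = parse_efivar(raw)
        snap[name] = {"attrs": attrs, "sha256": hashlib.sha256(data).hexdigest(), "data": data}
    return snap


def audit(snap):
    """Findings that need no baseline: Secure Boot off, Setup Mode, or unauthenticated key stores."""
    findings = []
    sb = snap.get("SecureBoot")
    if sb is None or sb["data"][:1] != b"\x01":
        findings.append("SecureBoot is not enabled")
    setup = snap.get("SetupMode")
    if setup is not None and setup["data"][:1] == b"\x01":
        findings.append("platform is in Setup Mode (PK missing or cleared)")
    for name in MUST_BE_AUTHENTICATED:
        v = snap.get(name)
        if v is None:
            findings.append(f"{name} is missing")
        elif not v["attrs"] & TIME_BASED_AUTH_WRITE:
            findings.append(f"{name} lacks TIME_BASED_AUTHENTICATED_WRITE_ACCESS (attrs=0x{v['attrs']:02x})")
    return findings


def drift(baseline, current):
    """Variables whose content or attributes differ from the recorded baseline."""
    changes = []
    for name in SECURE_BOOT_VARS:
        b, c = baseline.get(name), current.get(name)
        if b is None and c is None:
            continue
        if b is None or c is None:
            changes.append(f"{name}: {'appeared' if b is None else 'removed'}")
        elif b["sha256"] != c["sha256"] or b["attrs"] != c["attrs"]:
            changes.append(f"{name}: content or attributes changed")
    return changes


def load_efivarfs(path="/sys/firmware/efi/efivars"):
    """Read the live variable store on a Linux host (not used by the offline demo)."""
    p = Path(path)
    return {f.name: f.read_bytes() for f in p.iterdir() if f.is_file()} if p.is_dir() else {}


def _efivar(attrs, data):
    return struct.pack("<I", attrs) + data


STD = BOOTSERVICE_ACCESS | RUNTIME_ACCESS
AUTH = NON_VOLATILE | STD | TIME_BASED_AUTH_WRITE

# Constructed sample store; database bodies stand in for EFI_SIGNATURE_LIST blobs.
BASELINE_STORE = {
    f"SecureBoot-{EFI_GLOBAL}": _efivar(STD, b"\x01"),
    f"SetupMode-{EFI_GLOBAL}": _efivar(STD, b"\x00"),
    f"PK-{EFI_GLOBAL}": _efivar(AUTH, b"PK:vendor-platform-key"),
    f"KEK-{EFI_GLOBAL}": _efivar(AUTH, b"KEK:vendor-exchange-key"),
    f"db-{EFI_IMAGE_SEC}": _efivar(AUTH, b"db:vendor-signing-cert"),
    f"dbx-{EFI_IMAGE_SEC}": _efivar(AUTH, b"dbx:revoked-hashes"),
}
# The same store after a write that bypassed SetVariable(): db gained an attacker cert.
TAMPERED_STORE = dict(BASELINE_STORE)
TAMPERED_STORE[f"db-{EFI_IMAGE_SEC}"] = _efivar(AUTH, b"db:vendor-signing-cert+attacker-cert")
# A store where Secure Boot was switched off outright and the PK cleared.
DISABLED_STORE = dict(BASELINE_STORE)
DISABLED_STORE[f"SecureBoot-{EFI_GLOBAL}"] = _efivar(STD, b"\x00")
DISABLED_STORE[f"SetupMode-{EFI_GLOBAL}"] = _efivar(STD, b"\x01")
del DISABLED_STORE[f"PK-{EFI_GLOBAL}"]

if __name__ == "__main__":
    base = snapshot(BASELINE_STORE)
    print("audit(baseline):", audit(base))
    print("drift(tampered):", drift(base, snapshot(TAMPERED_STORE)))
    print("audit(disabled):", audit(snapshot(DISABLED_STORE)))
```

Two points follow from the demo. First, an attribute audit alone is blind to the tampered store, because a direct flash write leaves the variable's attributes intact while replacing its contents; only the baseline comparison catches the added certificate. Second, the check runs inside the operating system and reads values reported by the firmware, so a firmware that has itself been replaced can lie to it. It detects the configuration drift this CVE enables but is no substitute for the firmware update in SSA-216014.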
Details
- CWE(s): CWE-693 (Protection Mechanism Failure)
- MITRE ATT&CK Enterprise Techniques: T1542.001 (Pre-OS Boot: System Firmware)
Why these techniques?
The unprotected EFI variable store lets a privileged local attacker rewrite the Secure Boot configuration by going through the flash controller. Control over which keys and hashes the firmware trusts at boot is exactly what T1542.001 (Pre-OS Boot: System Firmware) describes: the attacker subverts the boot process and persists below the operating system.