CVE-2024-56182
Published: 11 March 2025
Description
Adversaries may modify system firmware to persist on systems.
Security Summary
CVE-2024-56182 is a vulnerability affecting multiple Siemens SIMATIC devices, including Field PG M5 (all versions), Field PG M6 (all versions prior to V26.01.12), and various IPC models such as BX-21A (all versions prior to V31.01.07), BX-32A/BX-39A/BX-59A (all versions prior to V29.01.07 or V32.01.04), PX-32A/PX-39A/PX-39A PRO (all versions prior to V29.01.07), RC-543A/RC-543B (all versions or prior to V35.01.12), RW-543A/RW-543B (all versions prior to V1.1.4 or V35.02.10), IPC127E/IPC227E/IPC277E/IPC427E/IPC477E/IPC477E PRO/IPC627E/IPC647E/IPC677E/IPC847E (all versions or prior to specified updates), IPC227G/IPC277G/IPC277G PRO/IPC327G/IPC377G/IPC527G/IPC647G (all versions or prior to V28.01.14), IPC3000 SMART V3/IPC347G/IPC427E (all versions), and ITP1000 (all versions). The issue stems from insufficient protection mechanisms for EFI (Extensible Firmware Interface) variables stored on the device, classified under CWE-693 with a CVSS v3.1 base score of 8.2 (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
An authenticated attacker with high privileges and local access to the affected device can exploit this vulnerability by communicating directly with the flash controller, allowing the BIOS password to be disabled without proper authorization. The changed scope (S:C) amplifies the impact, with a high impact on confidentiality, integrity, and availability, such as unauthorized firmware modifications or persistent escalated access.
Siemens has published security advisory SSA-216014, available at https://cert-portal.siemens.com/productcert/html/ssa-216014.html, which provides details on mitigation strategies and available patches for the affected products. Security practitioners should consult this advisory for version-specific remediation guidance.
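A triage helper for inventory data, added here as an example and not code from Siemens or the advisory: it transcribes the unambiguous version thresholds from the summary above and decides whether a given model and BIOS version is still affected. It assumes that "prior to V29.01.07 or V32.01.04" means one fixed version per firmware branch (matched by the leading number) and that an installed version whose branch is not listed should be treated as unpatched; entries the summary words ambiguously ("all versions or prior to ...") are left out and should be checked against SSA-216014 directly.

```python
import re
from typing import Optional

# Thresholds transcribed from the security summary. None = "all versions";
# a list = the first fixed version of each firmware branch (assumption: the
# branch is identified by the leading version number, e.g. V29.x vs V32.x).
AFFECTED = {
    "Field PG M5": None,
    "Field PG M6": ["V26.01.12"],
    "BX-21A": ["V31.01.07"],
    "BX-32A": ["V29.01.07", "V32.01.04"],
    "BX-39A": ["V29.01.07", "V32.01.04"],
    "BX-59A": ["V29.01.07", "V32.01.04"],
    "PX-32A": ["V29.01.07"],
    "PX-39A": ["V29.01.07"],
    "PX-39A PRO": ["V29.01.07"],
    "IPC3000 SMART V3": None,
    "IPC347G": None,
    "ITP1000": None,
}


def parse_version(v: str) -> tuple:
    """Turn 'V29.01.07' into (29, 1, 7) so tuples compare numerically."""
    m = re.fullmatch(r"V?(\d+(?:\.\d+)*)", v.strip())
    if not m:
        raise ValueError(f"unrecognised BIOS version string: {v!r}")
    return tuple(int(x) for x in m.group(1).split("."))


def is_affected(model: str, version: str) -> Optional[bool]:
    """True = still affected, False = at or above the fix, None = model unknown."""
    if model not in AFFECTED:
        return None
    fixed = AFFECTED[model]
    if fixed is None:
        return True  # no fixed version exists for this model
    installed = parse_version(version)
    # Pick the fixed version whose branch (leading number) matches the device.
    branch = [parse_version(f) for f in fixed if parse_version(f)[0] == installed[0]]
    if not branch:
        return True  # conservative: branch not listed, treat as unpatched
    return installed < branch[0]


if __name__ == "__main__":
    # Constructed sample inventory rows, not real devices.
    for model, ver in [("BX-32A", "V29.01.06"), ("BX-32A", "V32.01.04"), ("ITP1000", "V5.0")]:
        print(model, ver, "affected" if is_affected(model, ver) else "fixed")
```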
Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability's insufficient EFI variable protection allows local high-privileged attackers to disable BIOS passwords and perform unauthorized firmware modifications, directly enabling system firmware manipulation for persistence and access escalation.