PT-2025-10725 · Siemens · Simatic Ipc427E+25

Published: 2025-03-11 · Updated: 2025-03-11 · CVE-2024-56182

CVSS v3.1: 8.2 (High)

Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SIMATIC Field PG M5 versions prior to V26.01.12
SIMATIC Field PG M6 versions prior to V26.01.12
SIMATIC IPC BX-21A versions prior to V31.01.07
SIMATIC IPC BX-32A versions prior to V29.01.07
SIMATIC IPC BX-39A versions prior to V29.01.07
SIMATIC IPC BX-59A versions prior to V32.01.04
SIMATIC IPC PX-32A versions prior to V29.01.07
SIMATIC IPC PX-39A versions prior to V29.01.07
SIMATIC IPC PX-39A PRO versions prior to V29.01.07
SIMATIC IPC RC-543B (all versions)
SIMATIC IPC RW-543A (all versions)
SIMATIC IPC127E (all versions)
SIMATIC IPC227E (all versions)
SIMATIC IPC227G (all versions)
SIMATIC IPC277E (all versions)
SIMATIC IPC277G (all versions)
SIMATIC IPC277G PRO (all versions)
SIMATIC IPC3000 SMART V3 (all versions)
SIMATIC IPC327G (all versions)
SIMATIC IPC347G (all versions)
SIMATIC IPC377G (all versions)
SIMATIC IPC427E (all versions)
SIMATIC IPC477E (all versions)
SIMATIC IPC477E PRO (all versions)
SIMATIC IPC527G (all versions)
SIMATIC IPC627E versions prior to V25.02.15
SIMATIC IPC647E versions prior to V25.02.15
SIMATIC IPC677E versions prior to V25.02.15
SIMATIC IPC847E versions prior to V25.02.15
SIMATIC ITP1000 (all versions)

Description

The affected devices have insufficient protection mechanisms for the EFI (Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to disable the BIOS password without proper authorization by directly communicating with the flash controller.

Recommendations

For SIMATIC Field PG M5, update to version V26.01.12 or later.
For SIMATIC Field PG M6, update to version V26.01.12 or later.
For SIMATIC IPC BX-21A, update to version V31.01.07 or later.
For SIMATIC IPC BX-32A, update to version V29.01.07 or later.
For SIMATIC IPC BX-39A, update to version V29.01.07 or later.
For SIMATIC IPC BX-59A, update to version V32.01.04 or later.
For SIMATIC IPC PX-32A, update to version V29.01.07 or later.
For SIMATIC IPC PX-39A, update to version V29.01.07 or later.
For SIMATIC IPC PX-39A PRO, update to version V29.01.07 or later.
For SIMATIC IPC RC-543B, SIMATIC IPC RW-543A, SIMATIC IPC127E, SIMATIC IPC227E, SIMATIC IPC227G, SIMATIC IPC277E, SIMATIC IPC277G, SIMATIC IPC277G PRO, SIMATIC IPC3000 SMART V3, SIMATIC IPC327G, SIMATIC IPC347G, SIMATIC IPC377G, SIMATIC IPC427E, SIMATIC IPC477E, SIMATIC IPC477E PRO, SIMATIC IPC527G, and SIMATIC ITP1000, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For SIMATIC IPC627E, SIMATIC IPC647E, SIMATIC IPC677E, and SIMATIC IPC847E, update to version V25.02.15 or later.

Weakness Enumeration

Protection Mechanism Failure

Related Identifiers

BDU:2025-04297
CVE-2024-56182

Affected Products

Simatic Field Pg M5
Simatic Field Pg M6
Simatic Ipc Bx-21A
Simatic Ipc Bx-32A
Simatic Ipc Bx-39A
Simatic Ipc Bx-59A
Simatic Ipc Px-39A
Simatic Ipc Rc-543B
Simatic Ipc Rw-543A
Simatic Ipc127E
Simatic Ipc227E
Simatic Ipc277E
Simatic Ipc277G Pro
Simatic Ipc3000 Smart V3
Simatic Ipc327G
Simatic Ipc347G
Simatic Ipc377G
Simatic Ipc427E
Simatic Ipc477E
Simatic Ipc477E Pro
Simatic Ipc527G
Simatic Ipc627E
Simatic Ipc647E
Simatic Ipc677E
Simatic Ipc847E
Simatic Itp1000