github - ghsa-wpmj-mx2h-xgfx

ghsa-wpmj-mx2h-xgfx

Vulnerability from github

Published

2025-03-11 12:30

Modified

2025-06-10 18:32

Severity ?

8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
8.4 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H

Details

A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC IPC PX-32A (All versions < V29.01.07), SIMATIC IPC PX-39A (All versions < V29.01.07), SIMATIC IPC PX-39A PRO (All versions < V29.01.07), SIMATIC IPC RC-543B (All versions), SIMATIC IPC RW-543A (All versions), SIMATIC IPC127E (All versions), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions), SIMATIC IPC277G PRO (All versions), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions < V25.02.15), SIMATIC IPC647E (All versions < V25.02.15), SIMATIC IPC677E (All versions < V25.02.15), SIMATIC IPC847E (All versions < V25.02.15), SIMATIC ITP1000 (All versions). The affected devices have insufficient protection mechanism for the EFI(Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to alter the secure boot configuration without proper authorization by directly communicate with the flash controller.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-56181"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-693"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-11T10:15:15Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC IPC BX-21A (All versions \u003c V31.01.07), SIMATIC IPC BX-32A (All versions \u003c V29.01.07), SIMATIC IPC BX-39A (All versions \u003c V29.01.07), SIMATIC IPC BX-59A (All versions \u003c V32.01.04), SIMATIC IPC PX-32A (All versions \u003c V29.01.07), SIMATIC IPC PX-39A (All versions \u003c V29.01.07), SIMATIC IPC PX-39A PRO (All versions \u003c V29.01.07), SIMATIC IPC RC-543B (All versions), SIMATIC IPC RW-543A (All versions), SIMATIC IPC127E (All versions), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions), SIMATIC\u00a0IPC277G PRO (All versions), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions \u003c V25.02.15), SIMATIC IPC647E (All versions \u003c V25.02.15), SIMATIC IPC677E (All versions \u003c V25.02.15), SIMATIC IPC847E (All versions \u003c V25.02.15), SIMATIC ITP1000 (All versions). The affected devices have insufficient protection mechanism for the EFI(Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to alter the secure boot configuration without proper authorization by directly communicate with the flash controller.",
  "id": "GHSA-wpmj-mx2h-xgfx",
  "modified": "2025-06-10T18:32:15Z",
  "published": "2025-03-11T12:30:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56181"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-216014.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

CVE-2024-56181 (GCVE-0-2024-56181)

Vulnerability from cvelistv5

Published

2025-03-11 09:48

Modified

2025-06-10 15:17

Severity ?

8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
8.4 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H

CWE

CWE-693 - Protection Mechanism Failure

Summary

A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC IPC PX-32A (All versions < V29.01.07), SIMATIC IPC PX-39A (All versions < V29.01.07), SIMATIC IPC PX-39A PRO (All versions < V29.01.07), SIMATIC IPC RC-543A (All versions), SIMATIC IPC RC-543B (All versions), SIMATIC IPC RW-543A (All versions), SIMATIC IPC RW-543B (All versions), SIMATIC IPC127E (All versions), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions), SIMATIC IPC277G PRO (All versions), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions < V25.02.15), SIMATIC IPC647E (All versions < V25.02.15), SIMATIC IPC677E (All versions < V25.02.15), SIMATIC IPC847E (All versions < V25.02.15), SIMATIC ITP1000 (All versions). The affected devices have insufficient protection mechanism for the EFI(Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to alter the secure boot configuration without proper authorization by directly communicate with the flash controller.

References

►

URL

Tags

https://cert-portal.siemens.com/productcert/html/ssa-216014.html

Impacted products

Vendor

Product

Version

►

Siemens

SIMATIC Field PG M5

Version: 0 < *

Siemens	SIMATIC IPC BX-21A	Version: 0 < V31.01.07
Siemens	SIMATIC IPC BX-32A	Version: 0 < V29.01.07
Siemens	SIMATIC IPC BX-39A	Version: 0 < V29.01.07
Siemens	SIMATIC IPC BX-59A	Version: 0 < V32.01.04
Siemens	SIMATIC IPC PX-32A	Version: 0 < V29.01.07
Siemens	SIMATIC IPC PX-39A	Version: 0 < V29.01.07
Siemens	SIMATIC IPC PX-39A PRO	Version: 0 < V29.01.07
Siemens	SIMATIC IPC RC-543A	Version: 0 < *
Siemens	SIMATIC IPC RC-543B	Version: 0 < *
Siemens	SIMATIC IPC RW-543A	Version: 0 < *
Siemens	SIMATIC IPC RW-543B	Version: 0 < *
Siemens	SIMATIC IPC127E	Version: 0 < *
Siemens	SIMATIC IPC227E	Version: 0 < *
Siemens	SIMATIC IPC227G	Version: 0 < *
Siemens	SIMATIC IPC277E	Version: 0 < *
Siemens	SIMATIC IPC277G	Version: 0 < *
Siemens	SIMATIC IPC277G PRO	Version: 0 < *
Siemens	SIMATIC IPC3000 SMART V3	Version: 0 < *
Siemens	SIMATIC IPC327G	Version: 0 < *
Siemens	SIMATIC IPC347G	Version: 0 < *
Siemens	SIMATIC IPC377G	Version: 0 < *
Siemens	SIMATIC IPC427E	Version: 0 < *
Siemens	SIMATIC IPC477E	Version: 0 < *
Siemens	SIMATIC IPC477E PRO	Version: 0 < *
Siemens	SIMATIC IPC527G	Version: 0 < *
Siemens	SIMATIC IPC627E	Version: 0 < V25.02.15
Siemens	SIMATIC IPC647E	Version: 0 < V25.02.15
Siemens	SIMATIC IPC677E	Version: 0 < V25.02.15
Siemens	SIMATIC IPC847E	Version: 0 < V25.02.15
Siemens	SIMATIC ITP1000	Version: 0 < *

Show details on NVD website