Cyber Posture

CVE-2024-56181

High

Published: 11 March 2025

Published
11 March 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0001 1.0th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-56181 is a high-severity Protection Mechanism Failure (CWE-693) vulnerability. Its CVSS base score is 8.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique System Firmware (T1542.001); ranked at the 1.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 PE-3 (Physical Access Control) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to System Firmware (T1542.001). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Requires timely installation of firmware updates that specifically remediate the insufficient EFI variable protections as detailed in the Siemens security advisory.

SI-7 Software, Firmware, and Information Integrity good match
preventdetect

Monitors and protects the integrity of firmware and EFI variables, preventing and detecting unauthorized alterations to secure boot configurations by privileged local attackers.

PE-3 Physical Access Control good match
prevent

Enforces physical access controls to deny unauthorized local access required for direct communication with the flash controller.

MITRE ATT&CK Enterprise TechniquesAI

T1542.001 System Firmware Stealth
Adversaries may modify system firmware to persist on systems.
attack.mitre.org →
Why these techniques?

Vulnerability in EFI variable protection allows unauthorized modification of secure boot configuration via flash controller access, directly enabling T1542.001 System Firmware for boot process subversion.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04),…

more

SIMATIC IPC PX-32A (All versions < V29.01.07), SIMATIC IPC PX-39A (All versions < V29.01.07), SIMATIC IPC PX-39A PRO (All versions < V29.01.07), SIMATIC IPC RC-543A (All versions), SIMATIC IPC RC-543B (All versions < V35.01.12), SIMATIC IPC RW-543A (All versions < V1.1.4), SIMATIC IPC RW-543B (All versions < V35.02.10), SIMATIC IPC127E (All versions < V27.01.11), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions < V28.01.14), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions < V28.01.14), SIMATIC IPC277G PRO (All versions < V28.01.14), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions < V28.01.14), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions < V28.01.14), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions < V25.02.15), SIMATIC IPC647E (All versions < V25.02.15), SIMATIC IPC677E (All versions < V25.02.15), SIMATIC IPC847E (All versions < V25.02.15), SIMATIC ITP1000 (All versions). The affected devices have insufficient protection mechanism for the EFI(Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to alter the secure boot configuration without proper authorization by directly communicate with the flash controller.

Deeper analysisAI

CVE-2024-56181 is a vulnerability in SIMATIC Field PG M5 (all versions) and multiple SIMATIC IPC models, including BX-21A (all versions < V31.01.07), BX-32A (< V29.01.07), BX-39A (< V29.01.07), BX-59A (< V32.01.04), PX-32A (< V29.01.07), PX-39A (< V29.01.07), PX-39A PRO (< V29.01.07), RC-543A (all versions), RC-543B (< V35.01.12), RW-543A (< V1.1.4), RW-543B (< V35.02.10), IPC127E (< V27.01.11), IPC227E (all versions), IPC227G (< V28.01.14), IPC277E (all versions), IPC277G (< V28.01.14), IPC277G PRO (< V28.01.14), IPC3000 SMART V3 (all versions), IPC327G (< V28.01.14), IPC347G (all versions), IPC377G (< V28.01.14), IPC427E (all versions), IPC477E (all versions), IPC477E PRO (all versions), IPC527G (all versions), IPC627E (< V25.02.15), IPC647E (< V25.02.15), IPC677E (< V25.02.15), IPC847E (< V25.02.15), and ITP1000 (all versions). It stems from insufficient protection mechanisms for EFI (Extensible Firmware Interface) variables stored on the device, classified under CWE-693 with a CVSS v3.1 base score of 8.2 (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

An authenticated attacker with high privileges (PR:H) and local access (AV:L) can exploit this vulnerability with low complexity and no user interaction by directly communicating with the flash controller. Successful exploitation allows the attacker to alter the secure boot configuration without proper authorization, potentially compromising the system's confidentiality, integrity, and availability due to the changed scope (S:C).

Siemens security advisory SSA-216014, available at https://cert-portal.siemens.com/productcert/html/ssa-216014.html, provides details on mitigations, including firmware updates to the specified versions that address the vulnerability in affected products.

Details

CWE(s)
CWE-693

Affected Products

All
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2024-56182Shared CWE-693
CVE-2026-32202Shared CWE-693
CVE-2026-20667Shared CWE-693
CVE-2025-15422Shared CWE-693
CVE-2026-7913Shared CWE-693
CVE-2026-41316Shared CWE-693
CVE-2026-32225Shared CWE-693
CVE-2026-29649Shared CWE-693
CVE-2026-6763Shared CWE-693
CVE-2025-49740Shared CWE-693

References