Cyber Resilience

CVE-2024-56181

High · Updated

Published: 11 March 2025
Modified: 12 May 2026
KEV Added
Patch
CVSS Score v4: 8.4 (CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0001 (1.1th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-56181 is a high-severity Protection Mechanism Failure (CWE-693) vulnerability. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique System Firmware (T1542.001). The CVE ranks at the 1.1th percentile for exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-5 (Access Restrictions for Change) and SI-7 (Software, Firmware, and Information Integrity).

Deeper analysis

CVE-2024-56181 is a vulnerability in SIMATIC Field PG M5 (all versions) and multiple SIMATIC IPC models, including BX-21A (all versions < V31.01.07), BX-32A (< V29.01.07), BX-39A (< V29.01.07), BX-59A (< V32.01.04), PX-32A (< V29.01.07), PX-39A (< V29.01.07), PX-39A PRO (< V29.01.07), RC-543A (all versions), RC-543B (< V35.01.12), RW-543A (< V1.1.4), RW-543B (< V35.02.10), IPC127E (< V27.01.11), IPC227E (all versions), IPC227G (< V28.01.14), IPC277E (all versions), IPC277G (< V28.01.14), IPC277G PRO (< V28.01.14), IPC3000 SMART V3 (all versions), IPC327G (< V28.01.14), IPC347G (all versions), IPC377G (< V28.01.14), IPC427E (all versions), IPC477E (all versions), IPC477E PRO (all versions), IPC527G (all versions), IPC627E (< V25.02.15), IPC647E (< V25.02.15), IPC677E (< V25.02.15), IPC847E (< V25.02.15), and ITP1000 (all versions). It stems from insufficient protection mechanisms for EFI (Extensible Firmware Interface) variables stored on the device, classified under CWE-693 with a CVSS v3.1 base score of 8.2 (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

An authenticated attacker with high privileges (PR:H) and local access (AV:L) can exploit this vulnerability with low complexity and no user interaction by directly communicating with the flash controller. Successful exploitation allows the attacker to alter the secure boot configuration without proper authorization, potentially compromising the system's confidentiality, integrity, and availability due to the changed scope (S:C).

Siemens security advisory SSA-216014, available at https://cert-portal.siemens.com/productcert/html/ssa-216014.html, provides details on mitigations, including firmware updates to the specified versions that address the vulnerability in affected products.

Vulnerability details

A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC IPC PX-32A (All versions < V29.01.07), SIMATIC IPC PX-39A (All versions < V29.01.07), SIMATIC IPC PX-39A PRO (All versions < V29.01.07), SIMATIC IPC RC-543A (All versions < V36.01.03), SIMATIC IPC RC-543B (All versions < V35.01.12), SIMATIC IPC RW-543A (All versions < V1.1.4), SIMATIC IPC RW-543B (All versions < V35.02.10), SIMATIC IPC127E (All versions < V27.01.11), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions < V28.01.14), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions < V28.01.14), SIMATIC IPC277G PRO (All versions < V28.01.14), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions < V28.01.14), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions < V28.01.14), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions < V25.02.15), SIMATIC IPC647E (All versions < V25.02.15), SIMATIC IPC677E (All versions < V25.02.15), SIMATIC IPC847E (All versions < V25.02.15), SIMATIC ITP1000 (All versions). The affected devices have an insufficient protection mechanism for the EFI (Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to alter the secure boot configuration without proper authorization by directly communicating with the flash controller.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1542.001 System Firmware Stealth
Adversaries may modify system firmware to persist on systems.
Why these techniques?

Vulnerability in EFI variable protection allows unauthorized modification of secure boot configuration via flash controller access, directly enabling T1542.001 System Firmware for boot process subversion.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-56182 · Shared CWE-693
CVE-2026-8962 · Shared CWE-693
CVE-2026-25115 · Shared CWE-693
CVE-2026-0045 · Shared CWE-693
CVE-2025-48602 · Shared CWE-693
CVE-2024-55024 · Shared CWE-693
CVE-2025-49740 · Shared CWE-693
CVE-2026-32202 · Shared CWE-693
CVE-2026-29649 · Shared CWE-693
CVE-2026-21510 · Shared CWE-693

Affected Assets

All
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly restricts access to modify EFI variables and secure-boot configuration stored in flash, blocking the local high-privilege attack path described in the CVE.

prevent · detect

Requires cryptographic or hardware verification of firmware and EFI variable integrity, preventing and detecting unauthorized alterations to boot configuration.

prevent

Mandates hardware-enforced protection mechanisms for system components such as the flash controller and EFI storage that the CVE exploits.
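
One way to apply the EFI variable integrity check described in the controls above is to compare the secure boot variables against a baseline. This is an added example, not code from Siemens or this page. It assumes the variables are read in Linux efivarfs form (a 4-byte little-endian attribute word followed by the data); the function names and sample values are constructed for illustration.

```python
import hashlib
import struct

GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"  # UEFI global variable GUID
IMGSEC = "d719b2cb-3d3a-4596-a3bc-dad00e67656f"  # UEFI image security database GUID
KEY_VARS = (f"PK-{GLOBAL}", f"KEK-{GLOBAL}", f"db-{IMGSEC}", f"dbx-{IMGSEC}")
EXPECTED_FLAGS = {f"SecureBoot-{GLOBAL}": 1, f"SetupMode-{GLOBAL}": 0}
AUTH_WRITE = 0x20  # EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS

def parse_efivar(raw):
    """Split an efivarfs entry into (attributes, data)."""
    if len(raw) < 4:
        raise ValueError("truncated efivarfs entry")
    return struct.unpack_from("<I", raw)[0], raw[4:]

def snapshot(variables):
    """Map each secure boot key variable present to (attributes, sha256 of data)."""
    snap = {}
    for name in KEY_VARS:
        if name in variables:
            attrs, data = parse_efivar(variables[name])
            snap[name] = (attrs, hashlib.sha256(data).hexdigest())
    return snap

def audit(variables, baseline):
    """Return findings for disabled secure boot or key variables that drifted."""
    findings = []
    for name, expected in EXPECTED_FLAGS.items():
        data = parse_efivar(variables[name])[1] if name in variables else b""
        if data[:1] != bytes([expected]):
            findings.append(f"{name}: value is not {expected}")
    current = snapshot(variables)
    for name, (_, digest) in baseline.items():
        if name not in current:
            findings.append(f"{name}: missing")
        elif current[name][1] != digest:
            findings.append(f"{name}: content differs from baseline")
        elif not current[name][0] & AUTH_WRITE:
            findings.append(f"{name}: authenticated-write attribute cleared")
    return findings

def _var(attrs, data):
    return struct.pack("<I", attrs) + data

# Constructed sample data, not real key material.
GOOD = {
    f"SecureBoot-{GLOBAL}": _var(0x06, b"\x01"),
    f"SetupMode-{GLOBAL}": _var(0x06, b"\x00"),
    f"PK-{GLOBAL}": _var(0x27, b"constructed-platform-key"),
    f"db-{IMGSEC}": _var(0x27, b"constructed-allow-list"),
}
TAMPERED = {**GOOD, f"SecureBoot-{GLOBAL}": _var(0x06, b"\x00"),
            f"db-{IMGSEC}": _var(0x27, b"constructed-allow-list+extra")}
```

On a Linux host the raw bytes would come from the files under /sys/firmware/efi/efivars, with the baseline recorded after a known-good firmware update and stored off the device.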
