CVE-2024-56181
Published: 11 March 2025
Summary
CVE-2024-56181 is a high-severity Protection Mechanism Failure (CWE-693) vulnerability. Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique System Firmware (T1542.001). The CVE ranks at the 1.1st percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-5 (Access Restrictions for Change) and SI-7 (Software, Firmware, and Information Integrity).
Deeper analysis
CVE-2024-56181 is a vulnerability in SIMATIC Field PG M5 (all versions) and multiple SIMATIC IPC models, including BX-21A (all versions < V31.01.07), BX-32A (< V29.01.07), BX-39A (< V29.01.07), BX-59A (< V32.01.04), PX-32A (< V29.01.07), PX-39A (< V29.01.07), PX-39A PRO (< V29.01.07), RC-543A (all versions), RC-543B (< V35.01.12), RW-543A (< V1.1.4), RW-543B (< V35.02.10), IPC127E (< V27.01.11), IPC227E (all versions), IPC227G (< V28.01.14), IPC277E (all versions), IPC277G (< V28.01.14), IPC277G PRO (< V28.01.14), IPC3000 SMART V3 (all versions), IPC327G (< V28.01.14), IPC347G (all versions), IPC377G (< V28.01.14), IPC427E (all versions), IPC477E (all versions), IPC477E PRO (all versions), IPC527G (all versions), IPC627E (< V25.02.15), IPC647E (< V25.02.15), IPC677E (< V25.02.15), IPC847E (< V25.02.15), and ITP1000 (all versions). It stems from insufficient protection mechanisms for EFI (Extensible Firmware Interface) variables stored on the device, classified under CWE-693 with a CVSS v3.1 base score of 8.2 (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
An authenticated attacker with high privileges (PR:H) and local access (AV:L) can exploit this vulnerability with low complexity and no user interaction by directly communicating with the flash controller. Successful exploitation allows the attacker to alter the secure boot configuration without proper authorization, potentially compromising the system's confidentiality, integrity, and availability due to the changed scope (S:C).
Siemens security advisory SSA-216014, available at https://cert-portal.siemens.com/productcert/html/ssa-216014.html, provides details on mitigations, including firmware updates to the specified versions that address the vulnerability in affected products.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-54268
Vulnerability details
A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC IPC PX-32A (All versions < V29.01.07), SIMATIC IPC PX-39A (All versions < V29.01.07), SIMATIC IPC PX-39A PRO (All versions < V29.01.07), SIMATIC IPC RC-543A (All versions < V36.01.03), SIMATIC IPC RC-543B (All versions < V35.01.12), SIMATIC IPC RW-543A (All versions < V1.1.4), SIMATIC IPC RW-543B (All versions < V35.02.10), SIMATIC IPC127E (All versions < V27.01.11), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions < V28.01.14), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions < V28.01.14), SIMATIC IPC277G PRO (All versions < V28.01.14), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions < V28.01.14), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions < V28.01.14), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions < V25.02.15), SIMATIC IPC647E (All versions < V25.02.15), SIMATIC IPC677E (All versions < V25.02.15), SIMATIC IPC847E (All versions < V25.02.15), SIMATIC ITP1000 (All versions). The affected devices have insufficient protection mechanisms for the EFI (Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to alter the secure boot configuration without proper authorization by directly communicating with the flash controller.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The weakness in EFI variable protection allows unauthorized modification of the secure boot configuration via flash controller access, which maps directly to T1542.001 System Firmware: subversion of the boot process.
Mitigating Controls (NIST 800-53 r5)
- CM-5 (Access Restrictions for Change): directly restricts access to modify EFI variables and the secure-boot configuration stored in flash, blocking the local high-privilege attack path described in the CVE.
- SI-7 (Software, Firmware, and Information Integrity): requires cryptographic or hardware verification of firmware and EFI variable integrity, preventing and detecting unauthorized alterations to the boot configuration.
- Hardware-enforced protection: mandates hardware-enforced protection mechanisms for system components such as the flash controller and EFI storage that the CVE exploits.