Cyber Posture

CVE-2024-56182

High

Published: 11 March 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 8.2 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0001 (1.0th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-56182 is a high-severity Protection Mechanism Failure (CWE-693) vulnerability. Its CVSS base score is 8.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique System Firmware (T1542.001). The CVE ranks at the 1.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 PE-3 (Physical Access Control) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to System Firmware (T1542.001).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly mitigates the CVE by requiring timely application of Siemens patches that address the insufficient EFI variable protection mechanisms.

prevent · detect

Monitors and verifies the integrity of firmware and EFI variables to prevent or detect unauthorized changes such as disabling the BIOS password.

prevent

Enforces physical access controls to limit local access required for an attacker to directly communicate with the flash controller.

MITRE ATT&CK Enterprise Techniques (AI)

T1542.001 System Firmware Stealth
Adversaries may modify system firmware to persist on systems.
Why these techniques?

The vulnerability's insufficient EFI variable protection allows local high-privileged attackers to disable BIOS passwords and perform unauthorized firmware modifications, directly enabling system firmware manipulation for persistence and access escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC Field PG M6 (All versions < V26.01.12), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC IPC PX-32A (All versions < V29.01.07), SIMATIC IPC PX-39A (All versions < V29.01.07), SIMATIC IPC PX-39A PRO (All versions < V29.01.07), SIMATIC IPC RC-543A (All versions), SIMATIC IPC RC-543B (All versions < V35.01.12), SIMATIC IPC RW-543A (All versions < V1.1.4), SIMATIC IPC RW-543B (All versions < V35.02.10), SIMATIC IPC127E (All versions < V27.01.11), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions < V28.01.14), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions < V28.01.14), SIMATIC IPC277G PRO (All versions < V28.01.14), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions < V28.01.14), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions < V28.01.14), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions < V25.02.15), SIMATIC IPC647E (All versions < V25.02.15), SIMATIC IPC677E (All versions < V25.02.15), SIMATIC IPC847E (All versions < V25.02.15), SIMATIC ITP1000 (All versions). The affected devices have insufficient protection mechanism for the EFI (Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to disable the BIOS password without proper authorization by directly communicating with the flash controller.

Deeper analysis (AI)

CVE-2024-56182 is a vulnerability affecting multiple Siemens SIMATIC devices, including Field PG M5 (all versions), Field PG M6 (all versions prior to V26.01.12), and various IPC models such as BX-21A (all versions prior to V31.01.07), BX-32A/BX-39A/BX-59A (all versions prior to V29.01.07 or V32.01.04), PX-32A/PX-39A/PX-39A PRO (all versions prior to V29.01.07), RC-543A/RC-543B (all versions or prior to V35.01.12), RW-543A/RW-543B (all versions prior to V1.1.4 or V35.02.10), IPC127E/IPC227E/IPC277E/IPC427E/IPC477E/IPC477E PRO/IPC627E/IPC647E/IPC677E/IPC847E (all versions or prior to specified updates), IPC227G/IPC277G/IPC277G PRO/IPC327G/IPC377G/IPC527G/IPC647G (all versions or prior to V28.01.14), IPC3000 SMART V3/IPC347G/IPC427E (all versions), and ITP1000 (all versions). The issue stems from insufficient protection mechanisms for EFI (Extensible Firmware Interface) variables stored on the device, classified under CWE-693 with a CVSS v3.1 base score of 8.2 (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

An authenticated attacker with high privileges and local access to the affected device can exploit this vulnerability by directly communicating with the flash controller, enabling them to disable the BIOS password without proper authorization. The changed scope (S:C) amplifies the impact, potentially leading to high confidentiality, integrity, and availability consequences, such as unauthorized firmware modifications or persistent access escalation.

Siemens has published security advisory SSA-216014, available at https://cert-portal.siemens.com/productcert/html/ssa-216014.html, which provides details on mitigation strategies and available patches for the affected products. Security practitioners should consult this advisory for version-specific remediation guidance.

Details

CWE(s)

Affected Products

All
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2024-56181 · Shared CWE-693
CVE-2026-32202 · Shared CWE-693
CVE-2026-20667 · Shared CWE-693
CVE-2025-15422 · Shared CWE-693
CVE-2026-7913 · Shared CWE-693
CVE-2026-41316 · Shared CWE-693
CVE-2026-32225 · Shared CWE-693
CVE-2026-29649 · Shared CWE-693
CVE-2026-6763 · Shared CWE-693
CVE-2025-49740 · Shared CWE-693
