CVE-2024-56182
Published: 11 March 2025
Summary
CVE-2024-56182 is a high-severity Protection Mechanism Failure (CWE-693) vulnerability. Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique System Firmware (T1542.001). It ranks at the 1.1th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and CM-5 (Access Restrictions for Change).
Deeper analysis
CVE-2024-56182 is a vulnerability affecting multiple Siemens SIMATIC devices, including Field PG M5 (all versions), Field PG M6 (all versions prior to V26.01.12), and various IPC models such as BX-21A (all versions prior to V31.01.07), BX-32A/BX-39A/BX-59A (all versions prior to V29.01.07 or V32.01.04), PX-32A/PX-39A/PX-39A PRO (all versions prior to V29.01.07), RC-543A/RC-543B (all versions or prior to V35.01.12), RW-543A/RW-543B (all versions prior to V1.1.4 or V35.02.10), IPC127E/IPC227E/IPC277E/IPC427E/IPC477E/IPC477E PRO/IPC627E/IPC647E/IPC677E/IPC847E (all versions or prior to specified updates), IPC227G/IPC277G/IPC277G PRO/IPC327G/IPC377G/IPC527G/IPC647G (all versions or prior to V28.01.14), IPC3000 SMART V3/IPC347G/IPC427E (all versions), and ITP1000 (all versions). The issue stems from insufficient protection mechanisms for EFI (Extensible Firmware Interface) variables stored on the device, classified under CWE-693 with a CVSS v3.1 base score of 8.2 (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
An authenticated attacker with high privileges and local access to the affected device can exploit this vulnerability by directly communicating with the flash controller, enabling them to disable the BIOS password without proper authorization. The changed scope (S:C) amplifies the impact, potentially leading to high confidentiality, integrity, and availability consequences, such as unauthorized firmware modifications or persistent access escalation.
Siemens has published security advisory SSA-216014, available at https://cert-portal.siemens.com/productcert/html/ssa-216014.html, which provides details on mitigation strategies and available patches for the affected products. Security practitioners should consult this advisory for version-specific remediation guidance.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-54269
Vulnerability details
A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC Field PG M6 (All versions < V26.01.12), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC IPC PX-32A (All versions < V29.01.07), SIMATIC IPC PX-39A (All versions < V29.01.07), SIMATIC IPC PX-39A PRO (All versions < V29.01.07), SIMATIC IPC RC-543A (All versions < V36.01.03), SIMATIC IPC RC-543B (All versions < V35.01.12), SIMATIC IPC RW-543A (All versions < V1.1.4), SIMATIC IPC RW-543B (All versions < V35.02.10), SIMATIC IPC127E (All versions < V27.01.11), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions < V28.01.14), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions < V28.01.14), SIMATIC IPC277G PRO (All versions < V28.01.14), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions < V28.01.14), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions < V28.01.14), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions < V25.02.15), SIMATIC IPC647E (All versions < V25.02.15), SIMATIC IPC677E (All versions < V25.02.15), SIMATIC IPC847E (All versions < V25.02.15), SIMATIC ITP1000 (All versions). The affected devices have insufficient protection mechanisms for the EFI (Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to disable the BIOS password without proper authorization by directly communicating with the flash controller.
- CWE(s): CWE-693 (Protection Mechanism Failure)
Related Threats
MITRE ATT&CK Enterprise Techniques
- System Firmware (T1542.001)
Why these techniques?
The vulnerability's insufficient EFI variable protection allows local high-privileged attackers to disable BIOS passwords and perform unauthorized firmware modifications, directly enabling system firmware manipulation for persistence and access escalation.
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): Directly enforces access restrictions on EFI variables so that even a local high-privileged user cannot arbitrarily modify or delete the BIOS password variable via the flash controller.
- CM-5 (Access Restrictions for Change): Restricts the ability to change protected firmware configuration (EFI variables) to only authorized and verified subjects, blocking the unauthorized BIOS-password bypass described in the CVE.
- Firmware and EFI variable integrity verification: Requires cryptographic or hardware verification of firmware and EFI variable integrity, preventing or detecting the unauthorized modifications that allow BIOS password disablement.