Security readout for executives and security teams
Plain-English summary
Certain Siemens SIMATIC industrial PCs and field programming devices may let a highly privileged local user change Secure Boot-related firmware settings without proper authorization. This matters because Secure Boot helps preserve trust in startup code. The issue is serious, but the source data indicates local authenticated access is required.
Executive priority
Prioritize remediation for affected devices that support production operations, engineering workflows, or privileged OT administration. Treat this as high severity because it can undermine firmware trust, but sequence work around devices where local administrator or physical maintenance access is realistic.
Technical view
The affected devices insufficiently protect EFI variables stored on flash. An authenticated attacker with high privileges and local access could communicate with the flash controller and alter Secure Boot configuration. CVSS v4.0 is 8.4, with local attack vector, low complexity, high privileges required, no user interaction, and high integrity/availability impacts.
Likely exposure
Exposure is most likely in organizations using the listed Siemens SIMATIC IPC, Field PG M5, IPC3000 SMART V3, and ITP1000 devices in engineering or industrial environments. Confirm exact model and firmware because some entries list fixed-version thresholds while others state all versions.
Exploitation context
The provided data does not show CISA KEV listing or active exploitation. Exploitation requires authenticated high-privilege local access, which lowers internet-scale risk but remains important for shared engineering workstations, maintenance laptops, and OT endpoints where administrator access may be broadly available.
Researcher notes
Key constraints are AV:L and PR:H, with no user interaction. The security boundary is firmware configuration protection for EFI variables. The source bundle does not provide exploit details, proof of concept, or evidence of exploitation, so validation should stay defensive and configuration-focused.
Mitigation direction
Inventory Siemens SIMATIC IPC, Field PG M5, IPC3000 SMART V3, and ITP1000 assets.
Compare device firmware versions against the Siemens affected-version thresholds.
Update to non-affected Siemens-listed versions where available.
For all-version affected products, follow Siemens advisory guidance closely.
Restrict local administrator access to trusted engineering and maintenance personnel.
Monitor Secure Boot and firmware configuration for unauthorized changes.
Validation and detection
Confirm each device model and firmware version from asset records or device management.
Check whether the model appears in Siemens SSA-216014 or the CVE record.
Verify who has local high-privilege access to affected endpoints.
Review Secure Boot state and firmware configuration for unexpected changes.
Document products marked all versions separately for vendor follow-up.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-693: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
2CVSS vectors
3Timeline events
1ADP providers
2Source links
SSVC decision data
CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: total
CVSS vector scores
2 official scores
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-693 · source CWE mapping
Protection Mechanism Failure
Protection Mechanism Failure represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.