LiveActive security incident?Get immediate response
CVE Record

CVE-2024-56181: A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC IPC BX-21A (All versions...

A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC IPC PX-32A (All versions < V29.01.07), SIMATIC IPC PX-39A (All versions < V29.01.07), SIMATIC IPC PX-39A PRO (All versions < V29.01.07), SIMATIC IPC RC-543A (All versions < V36.01.03), SIMATIC IPC RC-543B (All versions < V35.01.12), SIMATIC IPC RW-543A (All versions < V1.1.4), SIMATIC IPC RW-543B (All versions < V35.02.10), SIMATIC IPC127E (All versions < V27.01.11), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions < V28.01.14), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions < V28.01.14), SIMATIC IPC277G PRO (All versions < V28.01.14), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions < V28.01.14), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions < V28.01.14), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions < V25.02.15), SIMATIC IPC647E (All versions < V25.02.15), SIMATIC IPC677E (All versions < V25.02.15), SIMATIC IPC847E (All versions < V25.02.15), SIMATIC ITP1000 (All versions). The affected devices have insufficient protection mechanism for the EFI(Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to alter the secure boot configuration without proper authorization by directly communicate with the flash controller.

HighCVSS 8.4Not KEV-listedUpdated
Glexia's TakeAutomated analysishigh

Security readout for executives and security teams

Plain-English summary

Certain Siemens SIMATIC industrial PCs and field programming devices may let a highly privileged local user change Secure Boot-related firmware settings without proper authorization. This matters because Secure Boot helps preserve trust in startup code. The issue is serious, but the source data indicates local authenticated access is required.

Executive priority

Prioritize remediation for affected devices that support production operations, engineering workflows, or privileged OT administration. Treat this as high severity because it can undermine firmware trust, but sequence work around devices where local administrator or physical maintenance access is realistic.

Technical view

The affected devices insufficiently protect EFI variables stored on flash. An authenticated attacker with high privileges and local access could communicate with the flash controller and alter Secure Boot configuration. CVSS v4.0 is 8.4, with local attack vector, low complexity, high privileges required, no user interaction, and high integrity/availability impacts.

Likely exposure

Exposure is most likely in organizations using the listed Siemens SIMATIC IPC, Field PG M5, IPC3000 SMART V3, and ITP1000 devices in engineering or industrial environments. Confirm exact model and firmware because some entries list fixed-version thresholds while others state all versions.

Exploitation context

The provided data does not show CISA KEV listing or active exploitation. Exploitation requires authenticated high-privilege local access, which lowers internet-scale risk but remains important for shared engineering workstations, maintenance laptops, and OT endpoints where administrator access may be broadly available.

Researcher notes

Key constraints are AV:L and PR:H, with no user interaction. The security boundary is firmware configuration protection for EFI variables. The source bundle does not provide exploit details, proof of concept, or evidence of exploitation, so validation should stay defensive and configuration-focused.

Mitigation direction

  • Inventory Siemens SIMATIC IPC, Field PG M5, IPC3000 SMART V3, and ITP1000 assets.
  • Compare device firmware versions against the Siemens affected-version thresholds.
  • Update to non-affected Siemens-listed versions where available.
  • For all-version affected products, follow Siemens advisory guidance closely.
  • Restrict local administrator access to trusted engineering and maintenance personnel.
  • Monitor Secure Boot and firmware configuration for unauthorized changes.

Validation and detection

  • Confirm each device model and firmware version from asset records or device management.
  • Check whether the model appears in Siemens SSA-216014 or the CVE record.
  • Verify who has local high-privilege access to affected endpoints.
  • Review Secure Boot state and firmware configuration for unexpected changes.
  • Document products marked all versions separately for vendor follow-up.
Prepared
Confidence
high
Sources
3

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · low confidence lookup

CWE-693: Exact CWE lookup

Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2024-56181 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
High
CVSS
8.4 (4.0)
Known Exploited
No
Published

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

2CVSS vectors
3Timeline events
1ADP providers
2Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: total

CVSS vector scores

2 official scores

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
8.4CVSS 4.0HighCVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:Hsiemens
8.2CVSS 3.1HighCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H1.56siemens

Vulnerability scoring details

Base CVSS 4.0 score

8.4High
CVSS 4.0 vector shape for CVE-2024-56181Attack VectorAttack ComplexityAttack RequirementsPrivileges RequiredUser InteractionVS ConfidentialityVS IntegrityVS AvailabilitySS ConfidentialitySS IntegritySS Availability

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Attack Requirements
NonePresent
Privileges Required
NoneLowHigh
User Interaction
NonePassiveActive
VS Confidentiality
HighLowNone
VS Integrity
HighLowNone
VS Availability
HighLowNone
SS Confidentiality
HighLowNone
SS Integrity
HighLowNone
SS Availability
HighLowNone

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
SiemensSIMATIC Field PG M50unknown
SiemensSIMATIC IPC BX-21A0unknown
SiemensSIMATIC IPC BX-32A0unknown
SiemensSIMATIC IPC BX-39A0unknown
SiemensSIMATIC IPC BX-59A0unknown
SiemensSIMATIC IPC PX-32A0unknown
SiemensSIMATIC IPC PX-39A0unknown
SiemensSIMATIC IPC PX-39A PRO0unknown
SiemensSIMATIC IPC RC-543A0unknown
SiemensSIMATIC IPC RC-543B0unknown
SiemensSIMATIC IPC RW-543A0unknown
SiemensSIMATIC IPC RW-543B0unknown
SiemensSIMATIC IPC127E0unknown
SiemensSIMATIC IPC227E0unknown
SiemensSIMATIC IPC227G0unknown
SiemensSIMATIC IPC277E0unknown
SiemensSIMATIC IPC277G0unknown
SiemensSIMATIC IPC277G PRO0unknown
SiemensSIMATIC IPC3000 SMART V30unknown
SiemensSIMATIC IPC327G0unknown
SiemensSIMATIC IPC347G0unknown
SiemensSIMATIC IPC377G0unknown
SiemensSIMATIC IPC427E0unknown
SiemensSIMATIC IPC477E0unknown
SiemensSIMATIC IPC477E PRO0unknown
SiemensSIMATIC IPC527G0unknown
SiemensSIMATIC IPC627E0unknown
SiemensSIMATIC IPC647E0unknown
SiemensSIMATIC IPC677E0unknown
SiemensSIMATIC IPC847E0unknown
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.

CWE-693 · source CWE mapping

Protection Mechanism Failure

Protection Mechanism Failure represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.