IronMonkey Threat Research

Siemens SIMATIC IPC Family, ITP1000, and Field PGs

HIGH
CVSS 8.2
Date 2026-05-14T06:00:00+00:00
Source cisa-csaf
Published by CISA

// Description

Multiple vulnerabilities have been identified in Siemens SIMATIC IPCs, SIMATIC Tablet PCs, and SIMATIC Field PGs that can allow an authenticated attacker to alter the secure boot and password configurations. Siemens has released new BIOS versions for several affected products and recommends updating to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet, available.

// Vulnerabilities (2)

CVE ID | CVSS Score | Severity | Description
CVE-2024-56182 | 8.2 | high | The affected devices have insufficient protection mechanisms for the EFI (Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to disable the BIOS password without proper authorization by directly communicating with the flash controller.
CVE-2024-56181 | 8.2 | high | The affected devices have insufficient protection mechanisms for the EFI (Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to alter the secure boot configuration without proper authorization by directly communicating with the flash controller.

// Remediations (13)

Patch: Update to V36.01.03 or later version
Patch: Update to V35.01.12 or later version
Patch: Update to V35.02.10 or later version
Patch: Update to V32.01.04 or later version
Patch: Update to V31.01.07 or later version
Patch: Update to V29.01.07 or later version
Patch: Update to V28.01.14 or later version
Patch: Update to V25.02.15 or later version
Patch: Update to V27.01.11 or later version
Mitigation: Restrict access to root/administrator permission for the operating system
Patch: Update to V26.01.12 or later version
Patch: Update to V1.1.4 or later version
Patch: Update to V29.01.07 or later version

// References