admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-561xx/CVE-2024-56181.json
cad-safe-bot 7ab230f046 Auto-Update: 2025-03-16T03:00:19.723046+00:00
2025-03-16 03:03:50 +00:00

104 lines
6.4 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-56181",
"sourceIdentifier": "productcert@siemens.com",
"published": "2025-03-11T10:15:15.597",
"lastModified": "2025-03-11T10:15:15.597",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC IPC PX-32A (All versions < V29.01.07), SIMATIC IPC PX-39A (All versions < V29.01.07), SIMATIC IPC PX-39A PRO (All versions < V29.01.07), SIMATIC IPC RC-543B (All versions), SIMATIC IPC RW-543A (All versions), SIMATIC IPC127E (All versions), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions), SIMATIC\u00a0IPC277G PRO (All versions), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions < V25.02.15), SIMATIC IPC647E (All versions < V25.02.15), SIMATIC IPC677E (All versions < V25.02.15), SIMATIC IPC847E (All versions < V25.02.15), SIMATIC ITP1000 (All versions). The affected devices have insufficient protection mechanism for the EFI(Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to alter the secure boot configuration without proper authorization by directly communicate with the flash controller."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SIMATIC Field PG M5 (todas las versiones), SIMATIC IPC BX-21A (todas las versiones &lt; V31.01.07), SIMATIC IPC BX-32A (todas las versiones &lt; V29.01.07), SIMATIC IPC BX-39A (todas las versiones &lt; V29.01.07), SIMATIC IPC BX-59A (todas las versiones &lt; V32.01.04), SIMATIC IPC PX-32A (todas las versiones &lt; V29.01.07), SIMATIC IPC PX-39A (todas las versiones &lt; V29.01.07), SIMATIC IPC PX-39A PRO (todas las versiones &lt; V29.01.07), SIMATIC IPC RC-543B (todas las versiones), SIMATIC IPC RW-543A (todas las versiones), SIMATIC IPC127E (todas las versiones), SIMATIC IPC227E (todas las versiones), SIMATIC IPC227G (todas las versiones), SIMATIC IPC277E (todas las versiones), SIMATIC IPC277G (todas las versiones), SIMATIC IPC277G PRO (todas las versiones), SIMATIC IPC3000 SMART V3 (todas las versiones), SIMATIC IPC327G (todas las versiones), SIMATIC IPC347G (todas las versiones), SIMATIC IPC377G (todas las versiones), SIMATIC IPC427E (todas las versiones), SIMATIC IPC477E (todas las versiones), SIMATIC IPC477E PRO (todas las versiones), SIMATIC IPC527G (todas las versiones), SIMATIC IPC627E (todas las versiones &lt; V25.02.15), SIMATIC IPC647E (todas las versiones &lt; V25.02.15), SIMATIC IPC677E (todas las versiones &lt; V25.02.15), SIMATIC IPC847E (todas las versiones &lt; V25.02.15), SIMATIC ITP1000 (todas las versiones Los dispositivos afectados no cuentan con un mecanismo de protecci\u00f3n suficiente para las variables EFI (interfaz de firmware extensible) almacenadas en el dispositivo. Esto podr\u00eda permitir que un atacante autenticado altere la configuraci\u00f3n de arranque seguro sin la debida autorizaci\u00f3n comunic\u00e1ndose directamente con el controlador flash."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"subAvailabilityImpact": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-693"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-216014.html",
"source": "productcert@siemens.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink