OTPulse

Siemens SIMATIC Industrial PCs (Update A)

Act Now | 5.9 | ICS-CERT ICSA-18-058-01A | Feb 22, 2018
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

Siemens SIMATIC Industrial PCs contain an insecure cryptographic key storage vulnerability in BIOS firmware. An attacker with physical or network access to the device could extract embedded cryptographic keys, potentially compromising system security and enabling unauthorized access or system manipulation.

What this means
What could happen
An attacker could extract cryptographic keys from the BIOS, potentially gaining unauthorized access to the industrial PC and the ability to execute commands or modify system configurations that control manufacturing processes.
Who's at risk
Manufacturing facilities using Siemens SIMATIC Industrial PCs for process automation and control, including Field-PG M5 mobile workstations, IPC227E/277E/427E/477E/547G fixed industrial computers, and ITP1000 operator interface panels. Organizations running older BIOS versions on these devices are affected.
How it could be exploited
An attacker must gain physical or network access to the SIMATIC Industrial PC and interact with the BIOS or stored cryptographic material. By exploiting the insecure key storage in BIOS firmware (CWE-325), the attacker can extract embedded keys that may unlock system access or enable impersonation of legitimate system components.
Prerequisites
  • Physical access to the device or network access to BIOS/management interfaces
  • Ability to interact with or extract BIOS firmware content
High EPSS score (73.4%) · Insecure cryptographic key storage · Affects industrial automation control systems · Multiple product variants affected · BIOS-level vulnerability
Exploitability
High exploit probability (EPSS 73.4%)
Affected products (7)
7 with fix
Product | Affected Versions | Fix Status
SIMATIC Field-PG M5: BIOS < V22.01.04 | <BIOS V22.01.04 | BIOS V22.01.04
SIMATIC IPC277E: BIOS < V20.01.10 | <BIOS V20.01.10 | BIOS V20.01.10
SIMATIC IPC427E (incl. SIPLUS variants): BIOS < V21.01.07 | <BIOS V21.01.07 | BIOS V21.01.07
SIMATIC IPC477E: BIOS < V21.01.07 | <BIOS V21.01.07 | BIOS V21.01.07
SIMATIC IPC547G: BIOS < R1.21.0 | <BIOS R1.21.0 | BIOS R1.21.0
SIMATIC IPC227E: BIOS < V20.01.10 | <BIOS V20.01.10 | BIOS V20.01.10
SIMATIC ITP1000: BIOS < V23.01.03 | <BIOS V23.01.03 | BIOS V23.01.03
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update SIMATIC Field-PG M5 BIOS to V22.01.04 or later
HOTFIX: Update SIMATIC IPC227E BIOS to V20.01.10 or later
HOTFIX: Update SIMATIC IPC277E BIOS to V20.01.10 or later
HOTFIX: Update SIMATIC IPC427E (including SIPLUS variants) BIOS to V21.01.07 or later
HOTFIX: Update SIMATIC IPC477E BIOS to V21.01.07 or later
HOTFIX: Update SIMATIC IPC547G BIOS to R1.21.0 or later
HOTFIX: Update SIMATIC ITP1000 BIOS to V23.01.03 or later
Long-term hardening
HARDENING: Restrict physical access to industrial PCs and implement network-level controls to limit access to BIOS and management interfaces
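
An added example (not from the advisory or from Siemens): a Python check of an asset inventory against the fixed BIOS versions listed in the affected-products table. It assumes BIOS versions are recorded in the advisory's V/R dotted form and compare numerically field by field; the inventory, hostnames and function names are constructed for illustration.

```python
import re

# Fixed BIOS versions copied from the advisory's affected-products table.
FIXED_BIOS = {
    "SIMATIC Field-PG M5": "V22.01.04", "SIMATIC IPC227E": "V20.01.10",
    "SIMATIC IPC277E": "V20.01.10", "SIMATIC IPC427E": "V21.01.07",
    "SIMATIC IPC477E": "V21.01.07", "SIMATIC IPC547G": "R1.21.0",
    "SIMATIC ITP1000": "V23.01.03",
}

def parse_bios(version):
    """'V22.01.04' -> ('V', (22, 1, 4)); raises ValueError if malformed."""
    m = re.fullmatch(r"([VR])(\d+(?:\.\d+)+)", version.strip().upper())
    if not m:
        raise ValueError(f"unrecognised BIOS version: {version!r}")
    return m.group(1), tuple(int(p) for p in m.group(2).split("."))

def assess(product, installed):
    """Return 'fixed', 'vulnerable', 'not-listed' or 'needs-review'."""
    fixed = FIXED_BIOS.get(product.strip())
    if fixed is None:
        return "not-listed"
    try:
        series, have = parse_bios(installed)
    except ValueError:
        return "needs-review"  # unreadable version: never assume patched
    fixed_series, need = parse_bios(fixed)
    if series != fixed_series:
        return "needs-review"  # V and R numbering are not comparable
    width = max(len(have), len(need))  # assumption: fields compare as integers
    have += (0,) * (width - len(have))
    need += (0,) * (width - len(need))
    return "fixed" if have >= need else "vulnerable"

# Constructed sample inventory: hostnames and installed versions are made up.
INVENTORY = [
    ("line1-hmi", "SIMATIC IPC477E", "V21.01.06"),
    ("line1-ipc", "SIMATIC IPC227E", "V20.01.10"),
    ("eng-pg", "SIMATIC Field-PG M5", "V22.01.05"),
    ("rack-ipc", "SIMATIC IPC547G", "R1.20.0"),
    ("panel-7", "SIMATIC ITP1000", "n/a"),
    ("office-pc", "Example Office PC", "V1.0"),
]

def audit(inventory):
    return {host: assess(product, bios) for host, product, bios in inventory}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host:10} {status}")
```

SIPLUS variants of the IPC427E should be recorded under the "SIMATIC IPC427E" row, since the advisory gives them the same fix level; a "not-listed" result only means the product name is not in this advisory's table.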