Siemens SIMATIC Industrial Products
Plan PatchCVSS 7.9ICS-CERT ICSA-23-047-09Feb 14, 2023
SiemensManufacturing
Attack path
Attack VectorLocal
Auth RequiredHigh
ComplexityLow
User InteractionNone needed
Summary
This advisory addresses Intel-SA-00688 vulnerabilities that affect Siemens SIMATIC industrial products. The vulnerabilities stem from underlying Intel BIOS issues and require local code execution with elevated privileges to exploit. Siemens has released BIOS updates (2022.3 IPU) for most affected products. A successful attack allows an attacker to modify device firmware or system settings, potentially disrupting industrial processes. The SIMATIC ITP1000 is affected across all versions with no patch available from Siemens.
What this means
What could happen
An attacker with local access to a Siemens industrial PC or engineering workstation could execute untrusted code with high privileges, potentially modifying device firmware or process settings and disrupting manufacturing operations. The SIMATIC ITP1000 cannot be patched and remains at risk.
Who's at risk
Manufacturing facilities operating Siemens SIMATIC industrial PCs, engineering workstations, and field portable devices (Field PG models) that are used for process control, configuration, and diagnostics. This includes automotive, chemical, utilities, and discrete manufacturing sectors. The engineering workstations (Field PG M5, M6) and embedded industrial PCs (IPC427E through IPC847E series) are particularly critical as they directly control or configure production systems.
How it could be exploited
An attacker must first gain the ability to run untrusted code on the affected device—typically by executing a malicious file, application, or script on the engineering workstation or industrial PC. Once code execution is achieved with elevated privileges, the attacker can modify system settings or firmware, affecting the device's control logic or availability.
Prerequisites
- Local access to the device (not remotely exploitable)
- Ability to execute untrusted code on the device (e.g., via compromised USB, file share, or user action)
- High privilege context (administrative or engineering credentials may be required depending on system configuration)
Requires local code execution (reduced remote risk but still a privilege escalation threat)No patch available for SIMATIC ITP1000 (all versions affected)Affects high-privilege operations (firmware/system configuration)Related to Intel BIOS vulnerabilities with potential for supply-chain propagation
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (14)
13 with fix1 EOL
ProductAffected VersionsFix Status
SIMATIC Field PG M5<V22.01.1122.01.11
SIMATIC ITP1000All versionsNo fix (EOL)
SIMATIC Field PG M6<V26.01.1126.01.11
SIMATIC IPC BX-39A<V29.01.0329.01.03
SIMATIC IPC PX-39A<V29.01.0329.01.03
SIMATIC IPC PX-39A PRO<V29.01.0329.01.03
SIMATIC IPC427E<V21.01.1921.01.19
SIMATIC IPC477E<V21.01.1921.01.19
Remediation & Mitigation
0/17
Do now
0/1WORKAROUNDRestrict local code execution on affected devices by disabling USB auto-run, enforcing application whitelisting, and controlling file share access from untrusted networks
Schedule — requires maintenance window
0/13Patching may require device reboot — plan for process interruption
SIMATIC Field PG M5
HOTFIXUpdate SIMATIC Field PG M5 to version 22.01.11 or later
SIMATIC Field PG M6
HOTFIXUpdate SIMATIC Field PG M6 to version 26.01.11 or later
SIMATIC IPC BX-39A
HOTFIXUpdate SIMATIC IPC BX-39A to version 29.01.03 or later
SIMATIC IPC PX-39A
HOTFIXUpdate SIMATIC IPC PX-39A to version 29.01.03 or later
HOTFIXUpdate SIMATIC IPC PX-39A PRO to version 29.01.03 or later
SIMATIC IPC427E
HOTFIXUpdate SIMATIC IPC427E to version 21.01.19 or later
SIMATIC IPC477E
HOTFIXUpdate SIMATIC IPC477E to version 21.01.19 or later
HOTFIXUpdate SIMATIC IPC477E PRO to version 21.01.19 or later
SIMATIC IPC627E
HOTFIXUpdate SIMATIC IPC627E to version 25.02.14 or later
SIMATIC IPC647E
HOTFIXUpdate SIMATIC IPC647E to version 25.02.14 or later
SIMATIC IPC677E
HOTFIXUpdate SIMATIC IPC677E to version 25.02.14 or later
SIMATIC IPC847E
HOTFIXUpdate SIMATIC IPC847E to version 25.02.14 or later
SIPLUS IPC427E
HOTFIXUpdate SIPLUS IPC427E to version 21.01.19 or later
Mitigations - no patch available
0/3SIMATIC ITP1000 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGFor SIMATIC ITP1000 (no patch available), implement additional host-level monitoring to detect unauthorized code execution and restrict physical access to the device
HARDENINGIsolate engineering workstations and industrial PCs from business networks using network segmentation and firewalls
HARDENINGImplement access controls to limit who can log into and execute code on industrial workstations and PCs
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/9780d206-2ab1-4911-b161-bc5fce8d1665Get OT security insights every Tuesday
Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.