Siemens SIMATIC IPC Family, ITP1000, and Field PGs
Plan Patch · 8.2 · ICS-CERT ICSA-25-072-11 · Mar 11, 2025
Attack Vector: Local
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary
Multiple vulnerabilities in Siemens SIMATIC IPCs, SIMATIC Tablet PCs, and SIMATIC Field PGs allow authenticated attackers with root or administrator permissions to alter secure boot and password configurations. These devices are commonly used as engineering workstations, operator interfaces, and control system platforms in industrial environments. Some affected products (Field PG M5, IPC127E, IPC227E, IPC277E, IPC347G, IPC427E, IPC477E/477E PRO, IPC527G, IPC3000 SMART V3, RC-543A, RW-543A, and ITP1000) have no fix currently available. Siemens recommends restricting root/administrator access and applying BIOS updates for products where patches are available.
What this means
What could happen
An authenticated attacker with root/administrator access could modify secure boot settings and password configurations on industrial PCs and tablets, potentially compromising system integrity and enabling unauthorized access to control system operations.
Who's at risk
This affects Siemens SIMATIC industrial PC platforms (BX, PX, RC, RW, and E series), SIMATIC tablet PCs (IPC127E through IPC477E PRO), SIMATIC ITP1000 industrial touch panels, and Field PG engineering workstations. These devices are used across water treatment, power distribution, manufacturing, and other process control environments. Operators of these systems should assess which models are deployed in their control networks.
How it could be exploited
An attacker with local administrative privileges on the device could directly alter BIOS or firmware configuration to disable secure boot verification and reset administrative passwords, allowing subsequent bypass of authentication controls and deeper system compromise.
Prerequisites
- Local access to the device or remote access as a root/administrator user
- Administrative privilege level on the operating system
- Physical or remote console access to modify BIOS/firmware settings
Low attack complexity · Requires authenticated access (root/administrator) · Not remotely exploitable · Multiple products have no patch available · Affects system security controls (secure boot, password authentication)
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (32)
19 with fix · 13 pending

| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| SIMATIC Field PG M5 | All versions | No fix yet |
| SIMATIC IPC BX-21A | < 31.01.07 | 31.01.07 |
| SIMATIC IPC BX-32A | < 29.01.07 | 29.01.07 |
| SIMATIC IPC BX-39A | < 29.01.07 | 29.01.07 |
| SIMATIC IPC BX-59A | < 32.01.04 | 32.01.04 |
Remediation & Mitigation
Do now
WORKAROUND: Restrict local and remote root/administrator access to operating system, limiting who can log in with elevated privileges
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
SIMATIC IPC627E
HOTFIX: Update SIMATIC IPC627E, IPC647E, IPC677E, IPC847E to firmware version 25.02.15 or later
SIMATIC IPC BX-39A
HOTFIX: Update SIMATIC IPC BX-39A, PX-39A, PX-39A PRO, BX-32A, PX-32A to version 29.01.07 or later
SIMATIC IPC BX-21A
HOTFIX: Update SIMATIC IPC BX-21A to version 31.01.07 or later
SIMATIC IPC BX-59A
HOTFIX: Update SIMATIC IPC BX-59A to version 32.01.04 or later
SIMATIC Field PG M6
HOTFIX: Update SIMATIC Field PG M6 to version 26.01.12 or later
SIMATIC IPC RC-543B
HOTFIX: Update SIMATIC IPC RC-543B to version 35.01.12 or later
SIMATIC IPC RW-543B
HOTFIX: Update SIMATIC IPC RW-543B to version 35.02.10 or later
SIMATIC IPC227G
HOTFIX: Update SIMATIC IPC227G, IPC277G, IPC277G PRO, IPC327G, IPC377G to version 28.01.14 or later
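A triage check over the fix versions and no-fix models listed above, as an added example that is not part of the advisory or any Siemens tooling. The inventory rows, status strings and function names are constructed for illustration, and version strings are assumed to be three dot-separated numbers with an optional leading "V".

```python
import re

# Minimum fixed versions, copied from the remediation list on this page.
FIXED_IN = {
    "25.02.15": ["IPC627E", "IPC647E", "IPC677E", "IPC847E"],
    "29.01.07": ["IPC BX-39A", "IPC PX-39A", "IPC PX-39A PRO", "IPC BX-32A", "IPC PX-32A"],
    "31.01.07": ["IPC BX-21A"],
    "32.01.04": ["IPC BX-59A"],
    "26.01.12": ["Field PG M6"],
    "35.01.12": ["IPC RC-543B"],
    "35.02.10": ["IPC RW-543B"],
    "28.01.14": ["IPC227G", "IPC277G", "IPC277G PRO", "IPC327G", "IPC377G"],
}
# Models the summary lists as having no fix available.
NO_FIX = ["Field PG M5", "IPC127E", "IPC227E", "IPC277E", "IPC347G", "IPC427E", "IPC477E",
          "IPC477E PRO", "IPC527G", "IPC3000 SMART V3", "IPC RC-543A", "IPC RW-543A", "ITP1000"]

def norm(model):
    """Case-fold, drop the SIMATIC brand prefix and all punctuation/spaces."""
    return re.sub(r"[^A-Z0-9]", "", re.sub(r"^\s*SIMATIC\s+", "", model.upper()))

def parse_version(text):
    """'V29.01.07' or '29.1.7' -> (29, 1, 7); None unless three numeric fields."""
    m = re.fullmatch(r"\s*V?(\d+)\.(\d+)\.(\d+)\s*", text, re.IGNORECASE)
    return tuple(int(g) for g in m.groups()) if m else None

MIN_VERSION = {norm(m): parse_version(v) for v, ms in FIXED_IN.items() for m in ms}
UNFIXED = {norm(m) for m in NO_FIX}

def triage(model, installed):
    key = norm(model)
    if key in UNFIXED:
        return "no-fix-restrict-admin-access"
    if key not in MIN_VERSION:
        return "model-not-in-table"
    have = parse_version(installed)
    if have is None:
        return "check-manually"  # never report an unreadable version as patched
    return "patched" if have >= MIN_VERSION[key] else "update-required"

# Constructed inventory rows (hostname, model, firmware version); not real data.
INVENTORY = [
    ("hmi-01", "SIMATIC IPC BX-39A", "V29.01.06"),
    ("eng-02", "SIMATIC Field PG M6", "26.01.12"),
    ("eng-03", "SIMATIC Field PG M5", "V22.01.10"),
    ("pnl-04", "SIMATIC IPC277G PRO", "n/a"),
]
RESULTS = {host: triage(model, version) for host, model, version in INVENTORY}
```

Devices that come back as `no-fix-restrict-admin-access` fall under the workaround in the "Do now" section rather than the patch schedule.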
Long-term hardening
HARDENING: Implement network access controls: place all SIMATIC IPCs, tablets, and Field PGs behind firewalls and on isolated control network segments, not connected to business networks or internet
HARDENING: For remote access when required, enforce use of VPN or secure jump host architecture; keep VPN software updated
HARDENING: Follow Siemens operational security guidelines and product manuals for secure device configuration
CVEs (2)