OTPulse

Siemens SIMATIC IPC RS-828A

Act Now | CVSS 10 | ICS-CERT ICSA-25-135-07 | May 13, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

SIMATIC IPC RS-828A is affected by an authentication bypass vulnerability in the Redfish interface of its Baseboard Management Controller (BMC). An attacker can gain unauthorized access to the BMC without credentials, compromising confidentiality, integrity and availability of the BMC and the entire system.

What this means
What could happen
An attacker can bypass authentication on the BMC and gain full control of the SIMATIC IPC RS-828A system, potentially allowing them to modify configurations, interrupt operations, or access sensitive data on the device and connected networks.
Who's at risk
Organizations operating Siemens SIMATIC IPC RS-828A industrial computers in manufacturing, utilities, and critical infrastructure sectors should be concerned. The BMC manages hardware functions including power, temperature, and remote access across these devices, making this a foundational security issue for any facility relying on these computers for process control or data acquisition.
How it could be exploited
An attacker with network access to the BMC interface (X1P1) can send unauthenticated requests to the Redfish interface that bypass its authentication checks. Once the bypass succeeds, the attacker has full administrative control of the device and can execute arbitrary commands or configurations.
Prerequisites
  • Network access to BMC interface (X1P1) on port 443 or management network
  • BMC firmware version before 1.1.13
Remotely exploitable | No authentication required | Low complexity attack | Actively exploited (KEV) | Critical severity (CVSS 10) | Affects system integrity and availability
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (1)
Product | Affected Versions | Fix Status
SIMATIC IPC RS-828A - BMC firmware | < 1.1.13 | 1.1.13
Remediation & Mitigation
Do now
HOTFIX: Update SIMATIC IPC RS-828A BMC firmware to version 1.1.13 or later
WORKAROUND: Restrict network access to BMC interface (X1P1) by configuring firewall rules to allow only trusted engineering and management networks
Long-term hardening
HARDENING: Isolate BMC management traffic on a separate, air-gapped or tightly controlled network segment
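
The following Python is an added example, not part of the advisory or any Siemens tooling. It triages the two "Do now" items: which BMCs are still below firmware 1.1.13, and which sources outside the trusted networks have reached a BMC on port 443. The inventory, flow-log format, addresses and trusted subnet are constructed assumptions.

```python
import ipaddress

FIXED = (1, 1, 13)  # first fixed BMC firmware version, per the advisory

# Constructed sample data (assumed formats, not taken from the advisory).
TRUSTED_NETS = ["10.20.0.0/24"]  # assumed engineering/management subnet
INVENTORY = {  # BMC address -> firmware version string from asset records
    "10.20.0.11": "1.1.12",
    "10.20.0.12": "1.1.13",
    "10.20.0.13": "1.0.9",
    "10.20.0.14": "unknown",
}
FLOWS = [  # "src_ip dst_ip dst_port" lines exported from a firewall log
    "10.20.0.50 10.20.0.11 443",
    "192.168.7.23 10.20.0.11 443",
    "10.20.0.50 10.20.0.12 22",
    "172.16.4.9 10.20.0.13 443",
]

def parse_version(text):
    """Return a tuple of ints, or None when the version cannot be parsed."""
    try:
        return tuple(int(p) for p in text.strip().split("."))
    except ValueError:
        return None

def needs_update(inventory):
    """BMCs below the fixed version; unparseable versions count as affected."""
    return [ip for ip, ver in sorted(inventory.items())
            if (v := parse_version(ver)) is None or v < FIXED]

def untrusted_flows(flows, inventory, trusted):
    """Connections to a known BMC on port 443 from outside the trusted networks."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    hits = []
    for line in flows:
        src, dst, port = line.split()
        if dst in inventory and port == "443":
            if not any(ipaddress.ip_address(src) in n for n in nets):
                hits.append((src, dst))
    return hits

if __name__ == "__main__":
    print("Update to 1.1.13 or later:", needs_update(INVENTORY))
    print("Untrusted sources reaching BMC:443:",
          untrusted_flows(FLOWS, INVENTORY, TRUSTED_NETS))
```

A BMC whose version cannot be read is reported as needing the update, so gaps in the asset records surface instead of passing silently.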