Siemens SIMATIC IPC RS-828A
Act Now | CVSS 10 | ICS-CERT ICSA-25-135-07 | May 13, 2025
Siemens
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
SIMATIC IPC RS-828A is affected by an authentication bypass vulnerability in the Redfish interface of its Baseboard Management Controller (BMC) that allows unauthenticated attackers to gain unauthorized access and compromise confidentiality, integrity, and availability of the BMC and the entire system. Siemens has released firmware version 1.1.13 to fix this issue. Until patching is complete, network access to the BMC interface (X1P1) must be restricted to trusted networks only.
What this means
What could happen
An attacker could bypass authentication on the BMC (Baseboard Management Controller) of the SIMATIC IPC RS-828A and gain full control over the industrial PC's firmware and hardware, potentially disrupting operations or tampering with process logic.
Who's at risk
Water utilities and municipal electric systems relying on SIMATIC IPC RS-828A industrial PCs for automation, SCADA control, or critical process management. The BMC controls system firmware and hardware, making this critical for any facility using this platform for process monitoring, fault detection, or control logic execution.
How it could be exploited
An attacker with network access to the BMC's Redfish interface (default port typically 623) can send unauthenticated requests to bypass authentication controls, gain administrative access, and execute commands on the BMC without providing valid credentials. This compromises the underlying industrial PC and any automation systems it controls.
Prerequisites
- Network access to the BMC interface (X1P1 port)
- Vulnerable BMC firmware version < 1.1.13
Tags: remotely exploitable, no authentication required, low complexity, actively exploited (KEV), affects safety and control systems, allows complete system compromise
Exploitability
Actively exploited — confirmed by CISA KEV
Public Proof-of-Concept (PoC) on GitHub (1 repository)
Affected products (1)
Product | Affected Versions | Fix Status
SIMATIC IPC RS-828A - BMC firmware | < 1.1.13 | 1.1.13
Remediation & Mitigation
Do now
HOTFIX: Update SIMATIC IPC RS-828A BMC firmware to version 1.1.13 or later
WORKAROUND: Restrict network access to the BMC network interface (X1P1) to only trusted management networks; block all external and untrusted sources from reaching this interface
Long-term hardening
HARDENING: Implement network segmentation to isolate BMC management interfaces from production networks and remote access vectors
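An added example, not part of the advisory or any Siemens tooling: a fleet triage that combines the two prerequisites above (BMC firmware < 1.1.13, network reachability of X1P1) to decide which remediation step each device needs. The hostnames, firmware versions, CIDR ranges and the dotted-numeric version format are constructed assumptions.

```python
import ipaddress

FIXED = (1, 1, 13)  # fixed BMC firmware version named in the advisory

# Constructed sample data: hostnames, versions and CIDRs are illustrative only.
INVENTORY = [
    {"host": "ipc-01", "bmc_fw": "1.1.9"},
    {"host": "ipc-02", "bmc_fw": "1.1.13"},
    {"host": "ipc-03", "bmc_fw": "1.0.4"},
]
# Source networks the firewall permits to reach each device's X1P1 interface.
X1P1_ALLOWED = {
    "ipc-01": ["10.20.0.0/24"],
    "ipc-02": ["0.0.0.0/0"],
    "ipc-03": ["10.20.0.0/24", "192.168.50.0/24"],
}
TRUSTED_MGMT = ["10.20.0.0/24"]

def parse_version(text):
    """'1.1.9' -> (1, 1, 9); numeric tuples avoid the string trap '1.1.9' > '1.1.13'."""
    return tuple(int(part) for part in text.strip().split("."))

def untrusted_sources(allowed, trusted):
    """Allowed source networks that are not contained in any trusted network."""
    trusted_nets = [ipaddress.ip_network(t) for t in trusted]
    out = []
    for src in allowed:
        net = ipaddress.ip_network(src)
        if not any(net.version == t.version and net.subnet_of(t) for t in trusted_nets):
            out.append(src)
    return out

def audit(inventory, allowed, trusted):
    """Map each host to the action implied by the advisory's two prerequisites."""
    report = {}
    for dev in inventory:
        vulnerable = parse_version(dev["bmc_fw"]) < FIXED
        exposed = untrusted_sources(allowed.get(dev["host"], []), trusted)
        if vulnerable and exposed:
            action = "update firmware and restrict X1P1"
        elif vulnerable:
            action = "update firmware"
        elif exposed:
            action = "restrict X1P1"
        else:
            action = "ok"
        report[dev["host"]] = (action, exposed)
    return report
```

Call audit(INVENTORY, X1P1_ALLOWED, TRUSTED_MGMT) to get the per-host action; a plain string comparison would wrongly treat 1.1.9 as newer than 1.1.13 and miss ipc-01.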
CVEs (1)