OTPulse

Insyde BIOS Vulnerabilities in Siemens Industrial Products

Plan Patch · 8.4 · SSA-306654 · Feb 22, 2022
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Insyde BIOS vulnerabilities affect multiple Siemens industrial computing platforms including portable engineering stations (Field PG), industrial PCs (IPC series), and operator panels (ITP1000). The vulnerabilities enable privilege escalation, memory corruption, and information disclosure through local access to the BIOS layer. Multiple CWEs indicate memory safety issues (CWE-119, CWE-120, CWE-787), improper input validation (CWE-20), and access control flaws (CWE-269, CWE-822).

What this means
What could happen
An attacker with local access to an affected industrial PC or engineering station could modify BIOS settings or execute code at the firmware level, potentially bypassing security controls, altering system behavior, or preventing the device from operating. This affects all control and monitoring systems running on these platforms.
Who's at risk
Manufacturing and process control operations using Siemens SIMATIC industrial PCs, portable engineering stations (Field PG), and operator panels (ITP1000) are affected. This includes production facilities, water treatment plants, and utilities that rely on these devices as the computing platform for their automation and control systems. RUGGEDCOM APE1808 deployments in harsh industrial environments are also affected.
How it could be exploited
An attacker must have physical access to the device or local user-level access to the operating system to interact with the BIOS. From there, they can exploit memory corruption or access control flaws to escalate privileges to the BIOS/firmware level and modify system configuration or boot integrity.
Prerequisites
  • Local access to the industrial PC or engineering station (physical access or valid user account)
  • Ability to interact with the BIOS interface or firmware during boot or through OS-level BIOS access tools
Local access required for exploitation · Low complexity exploitation · Affects multiple Siemens product lines · No patch available for several product variants · Memory corruption vulnerabilities · Affects BIOS/firmware layer
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (28)
22 with fix · 6 pending
Product | Affected Versions | Fix Status
SIMATIC Field PG M5 | < V22.01.10 | 22.01.10
SIMATIC Field PG M5 | All versions | No fix yet
SIMATIC Field PG M6 | < V26.01.13 | 26.01.13
SIMATIC IPC127E | < V27.01.09 | 27.01.09
SIMATIC IPC227G | < V28.01.04 | 28.01.04
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

SIMATIC Field PG M5
HOTFIX: Update SIMATIC Field PG M5 to firmware version 22.01.10 or later
SIMATIC Field PG M6
HOTFIX: Update SIMATIC Field PG M6 to firmware version 26.01.13 or later
SIMATIC IPC127E
HOTFIX: Update SIMATIC IPC127E to firmware version 27.01.09 or later
SIMATIC IPC227G
HOTFIX: Update SIMATIC IPC227G to firmware version 28.01.04 or later
SIMATIC IPC277G
HOTFIX: Update SIMATIC IPC277G to firmware version 28.01.04 or later
HOTFIX: Update SIMATIC IPC277G PRO to firmware version 28.01.04 or later
SIMATIC IPC327G
HOTFIX: Update SIMATIC IPC327G to firmware version 28.01.04 or later
SIMATIC IPC377G
HOTFIX: Update SIMATIC IPC377G to firmware version 28.01.04 or later
SIMATIC IPC427E
HOTFIX: Update SIMATIC IPC427E to firmware version 21.01.17 or later
SIMATIC IPC477E
HOTFIX: Update SIMATIC IPC477E to firmware version 21.01.17 or later
HOTFIX: Update SIMATIC IPC477E PRO to firmware version 21.01.17 or later
SIMATIC IPC627E
HOTFIX: Update SIMATIC IPC627E to firmware version 25.02.15 or later
SIMATIC IPC647E
HOTFIX: Update SIMATIC IPC647E to firmware version 25.02.15 or later
SIMATIC IPC677E
HOTFIX: Update SIMATIC IPC677E to firmware version 25.02.15 or later
SIMATIC IPC847E
HOTFIX: Update SIMATIC IPC847E to firmware version 25.02.15 or later
SIMATIC ITP1000
HOTFIX: Update SIMATIC ITP1000 to firmware version 23.01.10 or later
SIPLUS IPC427E
HOTFIX: Update SIPLUS IPC427E to firmware version 21.01.17 or later
All products
HOTFIX: Update RUGGEDCOM APE1808 BIOS to version 1.0.202N or later
HARDENING: Enable BIOS password protection and secure boot settings where available to prevent unauthorized BIOS modification
Long-term hardening
SIMATIC Field PG M5
HARDENING: For products without available fixes (SIMATIC Field PG M5 all versions, SIMATIC IPC427E all versions, SIMATIC IPC477E all versions, SIMATIC IPC477E PRO all versions, SIMATIC ITP1000 all versions, SIPLUS IPC427E all versions), implement physical security controls to restrict local access to the devices and BIOS settings
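
Added example (not part of the advisory or of OTPulse): a Python triage of an asset inventory against the fixed BIOS versions listed above, so each device is sorted into update, harden, or no action. The inventory rows are constructed; treating the "all versions" products as needing hardening whatever BIOS they run is an assumption, and RUGGEDCOM APE1808 is left out because its version string (1.0.202N) is not purely numeric.

```python
import re

# Minimum fixed BIOS versions, copied from the remediation list on this page.
FIXED = {
    "SIMATIC Field PG M5": "22.01.10", "SIMATIC Field PG M6": "26.01.13",
    "SIMATIC IPC127E": "27.01.09", "SIMATIC IPC227G": "28.01.04",
    "SIMATIC IPC277G": "28.01.04", "SIMATIC IPC277G PRO": "28.01.04",
    "SIMATIC IPC327G": "28.01.04", "SIMATIC IPC377G": "28.01.04",
    "SIMATIC IPC427E": "21.01.17", "SIMATIC IPC477E": "21.01.17",
    "SIMATIC IPC477E PRO": "21.01.17", "SIMATIC IPC627E": "25.02.15",
    "SIMATIC IPC647E": "25.02.15", "SIMATIC IPC677E": "25.02.15",
    "SIMATIC IPC847E": "25.02.15", "SIMATIC ITP1000": "23.01.10",
    "SIPLUS IPC427E": "21.01.17",
}
# Products the page also lists as "all versions" with no fix available.
# Assumption: these need the hardening measures whatever BIOS they run.
NO_FIX = {"SIMATIC Field PG M5", "SIMATIC IPC427E", "SIMATIC IPC477E",
          "SIMATIC IPC477E PRO", "SIMATIC ITP1000", "SIPLUS IPC427E"}

def parse_version(text):
    """Turn 'V22.01.10' or '22.1.10' into (22, 1, 10); None if malformed."""
    m = re.fullmatch(r"[Vv]?(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def classify(product, bios):
    if product not in FIXED:
        return "UNKNOWN_PRODUCT"      # not in the table: check SSA-306654 by hand
    have = parse_version(bios)
    if have is None:
        return "UNPARSED_VERSION"     # never assume an unreadable version is safe
    harden = product in NO_FIX
    if have < parse_version(FIXED[product]):
        return "UPDATE+HARDEN" if harden else "UPDATE"
    return "HARDEN" if harden else "OK"

# Constructed inventory rows: (hostname, product, reported BIOS version).
INVENTORY = [
    ("eng-laptop-01", "SIMATIC Field PG M6", "V26.01.12"),
    ("line3-hmi", "SIMATIC IPC477E", "21.01.17"),
    ("press-ipc", "SIMATIC IPC627E", "V25.02.15"),
    ("pkg-ipc", "SIMATIC IPC227G", "28.1.3"),
    ("lab-pc", "SIMATIC IPC847E", "unknown"),
]

def triage(rows):
    return {host: classify(product, bios) for host, product, bios in rows}

if __name__ == "__main__":
    print("\n".join(f"{h:15} {s}" for h, s in triage(INVENTORY).items()))
```

Versions are compared as integer tuples, so "28.1.3" sorts below "28.01.04" and a leading "V" is ignored.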