OTPulse
FeedAboutContact

Authentication Bypass Vulnerability in BMC (CVE-2024-54085) affects SIMATIC IPC RS-828A

Act Now10SSA-446307May 13, 2025
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

SIMATIC IPC RS-828A is affected by an authentication bypass vulnerability in the Redfish interface of its Baseboard Management Controller (BMC). An attacker can gain unauthorized access without credentials and compromise confidentiality, integrity, and availability of the BMC and the entire system. The vulnerability affects BMC firmware versions prior to 1.1.13.

What this means
What could happen
An attacker without credentials can gain administrative access to the BMC (the low-level management system that controls your industrial PC), potentially allowing them to modify system behavior, disable monitoring, or interfere with the hardware that runs your control logic.
Who's at risk
Operators and maintainers of SIMATIC IPC RS-828A industrial PCs running BMC firmware versions before 1.1.13. This affects any facility using Siemens IPC RS-828A systems for control or compute tasks in water treatment, power distribution, manufacturing, or other industrial processes.
How it could be exploited
The attacker connects to the Redfish interface on the BMC over the network without providing credentials. The authentication bypass in the BMC firmware allows the attacker to issue administrative commands directly, such as powering the system down, modifying BIOS settings, or changing firmware—actions that would normally require engineering password authentication.
Prerequisites
  • Network reachability to the BMC Redfish interface (typically port 443 or 5985/5986)
  • No credentials required
Remotely exploitableNo authentication requiredLow attack complexityActively exploited (KEV)Affects system management layerCritical CVSS 10.0EPSS 8.2% exploit probability
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (1)
ProductAffected VersionsFix Status
SIMATIC IPC RS-828A - BMC firmware< 1.1.131.1.13
Remediation & Mitigation
0/1
Do now
0/1
HOTFIXUpdate SIMATIC IPC RS-828A BMC firmware to version 1.1.13 or later
View full Siemens ProductCERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/a6b60cf6-cd5a-4eb4-9ac9-22c330a1b4fb
Authentication Bypass Vulnerability in BMC (CVE-2024-54085) affects SIMATIC IPC RS-828A | CVSS 10 - OTPulse