IPU 2022.3 Vulnerabilities in Siemens Industrial Products using Intel CPUs
Plan Patch | 7.9 | SSA-686975 | Feb 14, 2023
Attack Vector: Local
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary
Intel published BIOS and firmware vulnerabilities affecting Intel processors. Siemens industrial computers using affected Intel CPUs are impacted. These vulnerabilities allow modification of BIOS and firmware settings by a local administrator, potentially enabling persistent compromise of the device. Siemens has released patched BIOS versions for most products; however, SIMATIC ITP1000 has no fix available.
What this means
What could happen
An attacker with local administrator access on affected Siemens industrial computers could modify BIOS settings or firmware to gain persistent control over the device, potentially interfering with PLC communications and process control.
Who's at risk
Manufacturers using Siemens industrial computers (SIMATIC Field PG and IPC series) for engineering workstations, process monitoring, and control applications. The SIMATIC ITP1000 panel computer used in process visualization and HMI applications is particularly affected as no patch is planned. Organizations running these devices as engineering stations connected to PLCs or I/O modules should prioritize patching.
How it could be exploited
This vulnerability requires local administrator privileges on the physical device itself. An attacker would need hands-on or RDP/SSH access as an admin to manipulate BIOS or low-level system settings. Once exploited, the attacker could bypass security controls and maintain persistence across reboots.
Prerequisites
- Local administrator credentials or physical access to the device
- BIOS/firmware configuration access
- Ability to perform system-level modifications
Intel CPU BIOS vulnerability | Local administrator access required for exploitation | Firmware persistence capability | SIMATIC ITP1000 has no fix available | Affects engineering workstations in manufacturing environments
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (14)
13 with fix, 1 EOL

| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| SIMATIC Field PG M6 | < V26.01.11 | 26.01.11 |
| SIMATIC IPC BX-39A | < V29.01.03 | 29.01.03 |
| SIMATIC IPC PX-39A | < V29.01.03 | 29.01.03 |
| SIMATIC IPC PX-39A PRO | < V29.01.03 | 29.01.03 |
| SIMATIC IPC427E | < V21.01.19 | 21.01.19 |
| SIMATIC IPC477E | < V21.01.19 | 21.01.19 |
| SIMATIC IPC477E PRO | < V21.01.19 | 21.01.19 |
| SIMATIC IPC627E | < V25.02.14 | 25.02.14 |
Remediation & Mitigation
Do now
HARDENING: Restrict physical access and remote access (RDP/SSH) to affected engineering workstations and IPCs to authorized personnel only
WORKAROUND: Disable remote administration features on affected devices if not required for operations
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
SIMATIC Field PG M6
HOTFIX: Update SIMATIC Field PG M6 to version 26.01.11 or later
SIMATIC IPC BX-39A
HOTFIX: Update SIMATIC IPC BX-39A to version 29.01.03 or later
SIMATIC IPC PX-39A
HOTFIX: Update SIMATIC IPC PX-39A (standard and PRO) to version 29.01.03 or later
SIMATIC IPC427E
HOTFIX: Update SIMATIC IPC427E and SIPLUS IPC427E to version 21.01.19 or later
SIMATIC IPC477E
HOTFIX: Update SIMATIC IPC477E and IPC477E PRO to version 21.01.19 or later
SIMATIC IPC627E
HOTFIX: Update SIMATIC IPC627E, IPC647E, IPC677E, and IPC847E to version 25.02.14 or later
SIMATIC Field PG M5
HOTFIX: Update SIMATIC Field PG M5 to version 22.01.11 or later
Mitigations - no patch available
SIMATIC ITP1000 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: For SIMATIC ITP1000 (no patch available), implement network segmentation to isolate the device from general IT networks and implement strict access controls
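An added example (not part of the Siemens advisory or of this page's own tooling): a triage script that checks an exported asset inventory against the fixed BIOS versions listed above and separates devices needing an update from the ITP1000, which needs compensating controls. The CSV columns, hostnames and sample versions are constructed, and the script assumes BIOS versions are reported in the `Vxx.yy.zz` form used in the table and compare numerically field by field.

```python
import csv
import io
import re

# Fixed BIOS versions taken from this advisory, grouped by version.
FIX_GROUPS = {
    "22.01.11": ["SIMATIC FIELD PG M5"],
    "26.01.11": ["SIMATIC FIELD PG M6"],
    "29.01.03": ["SIMATIC IPC BX-39A", "SIMATIC IPC PX-39A", "SIMATIC IPC PX-39A PRO"],
    "21.01.19": ["SIMATIC IPC427E", "SIPLUS IPC427E", "SIMATIC IPC477E", "SIMATIC IPC477E PRO"],
    "25.02.14": ["SIMATIC IPC627E", "SIMATIC IPC647E", "SIMATIC IPC677E", "SIMATIC IPC847E"],
}
FIXED = {name: ver for ver, names in FIX_GROUPS.items() for name in names}
FIXED["SIMATIC ITP1000"] = None  # End of Life: no fix will be released

def parse_version(text):
    """'V26.01.09', 'v26.1.9' or '26.01.09' -> (26, 1, 9); None if unparseable."""
    m = re.fullmatch(r"\s*[Vv]?\s*(\d+)\.(\d+)\.(\d+)\s*", text or "")
    return tuple(int(g) for g in m.groups()) if m else None

def triage(product, bios_version):
    """Classify one asset: PATCHED, UPDATE, NO_FIX, NOT_LISTED or UNKNOWN_VERSION."""
    key = " ".join(product.upper().split())  # normalise case and spacing
    if key not in FIXED:
        return "NOT_LISTED"
    if FIXED[key] is None:
        return "NO_FIX"  # segment the device and restrict access instead
    have = parse_version(bios_version)
    if have is None:
        return "UNKNOWN_VERSION"  # never assume patched when data is missing
    return "PATCHED" if have >= parse_version(FIXED[key]) else "UPDATE"

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_CSV = """hostname,product,bios_version
eng-ws-01,SIMATIC Field PG M6,V26.01.09
line3-ipc,SIMATIC IPC427E,V21.01.19
hmi-07,SIMATIC ITP1000,V23.01.08
cell2-ipc,simatic ipc627e,
"""

def triage_inventory(csv_text):
    """Return {hostname: status} for every row of the inventory CSV."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["hostname"]: triage(r["product"], r["bios_version"]) for r in rows}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_CSV).items():
        print(f"{host}: {status}")
```

Rows reported as `UNKNOWN_VERSION` should be checked by hand rather than treated as patched.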
CVEs (1)