ICSA-25-135-07
PUBLISHED
CVSS 10 CRITICAL
SIMATIC IPC RS-828A is affected by an authentication bypass vulnerability in the Redfish interface of its Baseboard Management Controller (BMC) that could allow an attacker to gain unauthorized access and compromise the confidentiality, integrity and availability of the BMC and thus the entire system. Siemens has released a new version of the SIMATIC IPC RS-828A BMC firmware and recommends updating to the latest version.
Risk Scores
CVSS v3.1
10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| | SIMATIC IPC RS-828A - BMC firmware | |
Timeline
- May 13, 2025 CVE Published
- Aug 12, 2025 CVE Updated
References
- https://cert-portal.siemens.com/productcert/csaf/ssa-446307.json advisory
- https://cert-portal.siemens.com/productcert/html/ssa-446307.html advisory
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-135-07.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-135-07 advisory
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url
- https://support.industry.siemens.com/cs/ww/en/view/109763408/ fix