VDB
SSA-216014
SSA-216014
PUBLISHED
CVSS 8.199999809265137 HIGH
The affected devices have insufficient protection mechanism for the EFI(Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to alter the secure boot configuration without proper authorization by directly communicate with the flash controller.
Risk Scores
CVSS 3.1
8.199999809265137
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | SIMATIC IPC RC-543B | |
| Siemens | SIMATIC IPC477E | |
| Siemens | SIMATIC IPC277G PRO | |
| Siemens | SIMATIC IPC277E | |
| Siemens | SIMATIC IPC847E | |
| Siemens | SIMATIC IPC127E | |
| Siemens | SIMATIC IPC627E | |
| Siemens | SIMATIC IPC227E | |
| Siemens | SIMATIC IPC277G | |
| Siemens | SIMATIC IPC3000 SMART V3 | |
| Siemens | SIMATIC Field PG M6 | |
| Siemens | SIMATIC IPC427E | |
| Siemens | SIMATIC IPC327G | |
| Siemens | SIMATIC ITP1000 | |
| Siemens | SIMATIC IPC BX-39A | |
| Siemens | SIMATIC Field PG M5 | |
| Siemens | SIMATIC IPC RW-543A | |
| Siemens | SIMATIC IPC BX-59A | |
| Siemens | SIMATIC IPC PX-32A | |
| Siemens | SIMATIC IPC RC-543A |
…and 12 more
Timeline
- Mar 11, 2025 CVE Published
- May 12, 2026 CVE Updated