SSA-446307 — Vulnetix

SSA-446307 PUBLISHED CVSS 10 CRITICAL

SIMATIC IPC RS-828A is affected by an authentication bypass vulnerability in the Redfish interface of its Baseboard Management Controller (BMC) that could allow an attacker to gain unauthorized access and compromise confidentiality, integrity and availability of the BMC and thus the entire system. Siemens has released a new version for SIMATIC IPC RS-828A - BMC firmware and recommends to update to the latest version.

Risk Scores

CVSS v3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
	SIMATIC IPC RS-828A - BMC firmware

Timeline

May 13, 2025 CVE Published
Aug 12, 2025 CVE Updated

References

https://cert-portal.siemens.com/productcert/html/ssa-446307.html advisory
https://cert-portal.siemens.com/productcert/csaf/ssa-446307.json advisory
https://support.industry.siemens.com/cs/ww/en/view/109763408/ fix

Open in Interactive Console →