{"vulnerability": "cve-2024-5618", "sightings": [{"uuid": "3b49d57b-8e59-4f15-a87d-faaf574c7078", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-5618", "type": "seen", "source": "https://t.me/cvedetector/1161", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-5618 - PruvaSoft Apinizer Management Console Privilege Escalation\", \n  \"Content\": \"CVE ID : CVE-2024-5618 \nPublished : July 18, 2024, 5:15 p.m. | 41\u00a0minutes ago \nDescription : Incorrect Permission Assignment for Critical Resource vulnerability in PruvaSoft Informatics Apinizer Management Console allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Apinizer Management Console: before 2024.05.1. \nSeverity: 9.9 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-18T20:08:16.000000Z"}, {"uuid": "c32e581b-46f7-47d8-883c-0ecbd431bb95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56185", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lk2jmtsc3g2h", "content": "", "creation_timestamp": "2025-03-10T21:45:57.931448Z"}, {"uuid": "c42a01fc-068a-4672-b3a9-8fe864af2df4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56181", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lk43e3dmae26", "content": "", "creation_timestamp": "2025-03-11T12:35:49.725331Z"}, {"uuid": "1ab23b29-cb19-4ed3-b9a7-341bcb2c99e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56182", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lk43e3pgdw2s", "content": "", "creation_timestamp": "2025-03-11T12:35:51.558025Z"}, {"uuid": "99e3553c-aeb3-463b-9cc2-c33650dda381", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56187", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7227", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-56187\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In ppcfw_deny_sec_dram_access of ppcfw.c, there is a possible arbitrary read from TEE memory due to a logic error in the code. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.\n\ud83d\udccf Published: 2025-03-10T18:19:49.296Z\n\ud83d\udccf Modified: 2025-03-11T20:30:28.848Z\n\ud83d\udd17 References:\n1. https://source.android.com/security/bulletin/pixel/2025-03-01", "creation_timestamp": "2025-03-11T20:41:20.000000Z"}, {"uuid": "6728dfe6-5a1e-4c10-89de-542d0a06bb72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56180", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li5fc4wftt2k", "content": "", "creation_timestamp": "2025-02-14T14:15:57.601134Z"}, {"uuid": "c4f7f2da-38ee-4ac5-8085-b2e20e49c66a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56180", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3li5hygogbx2m", "content": "", "creation_timestamp": "2025-02-14T15:04:13.739131Z"}, {"uuid": "88a1e5ce-d110-4496-a9df-fd0acbb2b88b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56180", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3li5ndi2v5p2e", "content": "", "creation_timestamp": "2025-02-14T16:39:53.071051Z"}, {"uuid": "e5077325-3f8d-4d88-bb90-e2320dfe6f8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56181", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114143638836321476", "content": "", "creation_timestamp": "2025-03-11T11:48:28.574756Z"}, {"uuid": "95d6c815-3f7d-4cf2-821a-91d4d4f72558", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56182", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114143638879374326", "content": "", "creation_timestamp": "2025-03-11T11:48:29.305040Z"}, {"uuid": "001408a0-e640-4ae0-ad33-bc3bb4c3ee5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56182", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-072-11", "content": "", "creation_timestamp": "2025-03-13T11:00:00.000000Z"}, {"uuid": "0a7a700e-0912-4a1c-8a7a-5af0384596d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56181", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-072-11", "content": "", "creation_timestamp": "2025-03-13T11:00:00.000000Z"}, {"uuid": "0214d252-1738-43ff-9d50-b1ebe3dbea37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56180", "type": "seen", "source": "https://gist.github.com/somprasongd/7e70d4aeffa65e3b65b61db9baeb480f", "content": "", "creation_timestamp": "2025-04-24T02:01:18.000000Z"}, {"uuid": "1287b603-3f86-4129-b77f-c74ed9896356", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56186", "type": "seen", "source": "MISP/4d9e0694-2872-4bfc-8eee-f1ab846c5ab0", "content": "", "creation_timestamp": "2025-08-16T01:45:14.000000Z"}, {"uuid": "a5c09b47-38af-49a4-9999-f644bd032077", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56186", "type": "seen", "source": "MISP/4d9e0694-2872-4bfc-8eee-f1ab846c5ab0", "content": "", "creation_timestamp": "2025-08-19T04:06:32.000000Z"}, {"uuid": "30beea8e-2b2b-4bfa-909c-643d784ffd6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56189", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lxz7cftn7x2d", "content": "", "creation_timestamp": "2025-09-04T13:01:11.846045Z"}, {"uuid": "1dea6136-adf3-46b7-a77f-fb2bd0f30a32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2024-56180", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "4031cb91-9e1f-4d3f-9945-bbb588798207", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56188", "type": "seen", "source": "https://t.me/cvedetector/19999", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-56188 - \"Arris Modem Null Pointer Denial of Service\"\", \n  \"Content\": \"CVE ID : CVE-2024-56188 \nPublished : March 10, 2025, 7:15 p.m. | 2\u00a0hours, 17\u00a0minutes ago \nDescription : there is a possible way to crash the modem due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-10T23:13:56.000000Z"}, {"uuid": "07680d0f-6c58-44da-b34b-7e26ba238059", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56187", "type": "seen", "source": "https://t.me/cvedetector/19998", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-56187 - IBM PowerPC Firmware TEE Memory Information Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-56187 \nPublished : March 10, 2025, 7:15 p.m. | 2\u00a0hours, 17\u00a0minutes ago \nDescription : In ppcfw_deny_sec_dram_access of ppcfw.c, there is a possible arbitrary read from TEE memory due to a logic error in the code. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-10T23:13:56.000000Z"}, {"uuid": "fdd06ff7-0283-4e5a-be40-dda8004637f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56186", "type": "seen", "source": "https://t.me/cvedetector/19997", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-56186 - Google Secure Element Out-of-Bounds Read Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-56186 \nPublished : March 10, 2025, 7:15 p.m. | 2\u00a0hours, 17\u00a0minutes ago \nDescription : In closeChannel of secureelementimpl.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-10T23:13:55.000000Z"}, {"uuid": "68ede8be-916c-41c8-a917-7a47ca94d887", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56185", "type": "seen", "source": "https://t.me/cvedetector/19996", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-56185 - Qualcomm Baseband Firmware Out-of-Bounds Read Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-56185 \nPublished : March 10, 2025, 7:15 p.m. | 2\u00a0hours, 17\u00a0minutes ago \nDescription : In ProtocolUnsolOnSSAdapter::GetServiceClass() of protocolcalladapter.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-10T23:13:54.000000Z"}, {"uuid": "b4e94210-e99f-4d93-be94-3c83077e9503", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56180", "type": "published-proof-of-concept", "source": "Telegram/90cFk6CwVLfJQ-HgvSZb1zOC6NoTElQtff7llIWJAQIz12PY", "content": "", "creation_timestamp": "2025-02-14T21:08:30.000000Z"}, {"uuid": "95aa171c-d323-4e93-ab3c-33453236468a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56184", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7232", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-56184\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In static long dev_send of tipc_dev_ql, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\ud83d\udccf Published: 2025-03-10T18:19:48.793Z\n\ud83d\udccf Modified: 2025-03-11T20:26:59.078Z\n\ud83d\udd17 References:\n1. https://source.android.com/security/bulletin/pixel/2025-03-01", "creation_timestamp": "2025-03-11T20:41:27.000000Z"}, {"uuid": "26dfe76c-5e2e-482d-8366-6c64e064b756", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56185", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7231", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-56185\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In ProtocolUnsolOnSSAdapter::GetServiceClass() of protocolcalladapter.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation.\n\ud83d\udccf Published: 2025-03-10T18:19:48.977Z\n\ud83d\udccf Modified: 2025-03-11T20:28:14.260Z\n\ud83d\udd17 References:\n1. https://source.android.com/security/bulletin/pixel/2025-03-01", "creation_timestamp": "2025-03-11T20:41:26.000000Z"}, {"uuid": "3484df61-ad9f-4705-9599-c3301525ebf4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56186", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7229", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-56186\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In closeChannel of secureelementimpl.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\ud83d\udccf Published: 2025-03-10T18:19:49.138Z\n\ud83d\udccf Modified: 2025-03-11T20:29:07.820Z\n\ud83d\udd17 References:\n1. https://source.android.com/security/bulletin/pixel/2025-03-01", "creation_timestamp": "2025-03-11T20:41:22.000000Z"}, {"uuid": "ab9cd8f6-80f0-4e6e-b772-c985066f2a39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56180", "type": "published-proof-of-concept", "source": "https://t.me/cvedetector/18109", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-56180 - Apache EventMesh Hessian Deserialization Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-56180 \nPublished : Feb. 14, 2025, 2:15 p.m. | 2\u00a0hours, 1\u00a0minute ago \nDescription : CWE-502 Deserialization of Untrusted Data at the eventmesh-meta-raft\u00a0plugin\u00a0module in Apache EventMesh master branch without release version on windows\\linux\\mac os e.g. platforms allows attackers to send controlled message and remote code execute\u00a0via hessian deserialization rpc protocol. Users can use the code under the master branch in project repo or version 1.11.0 to fix this issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-14T17:26:15.000000Z"}, {"uuid": "6cdd6286-bdca-4ba3-a870-be27c57cefdf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56181", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17906", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-56181\n\ud83d\udd25 CVSS Score: 8.2 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC IPC PX-32A (All versions < V29.01.07), SIMATIC IPC PX-39A (All versions < V29.01.07), SIMATIC IPC PX-39A PRO (All versions < V29.01.07), SIMATIC IPC RC-543A (All versions), SIMATIC IPC RC-543B (All versions), SIMATIC IPC RW-543A (All versions), SIMATIC IPC RW-543B (All versions), SIMATIC IPC127E (All versions), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions), SIMATIC\u00a0IPC277G PRO (All versions), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions < V25.02.15), SIMATIC IPC647E (All versions < V25.02.15), SIMATIC IPC677E (All versions < V25.02.15), SIMATIC IPC847E (All versions < V25.02.15), SIMATIC ITP1000 (All versions). The affected devices have insufficient protection mechanism for the EFI(Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to alter the secure boot configuration without proper authorization by directly communicate with the flash controller.\n\ud83d\udccf Published: 2025-03-11T09:48:03.703Z\n\ud83d\udccf Modified: 2025-06-10T15:17:19.512Z\n\ud83d\udd17 References:\n1. https://cert-portal.siemens.com/productcert/html/ssa-216014.html", "creation_timestamp": "2025-06-10T15:31:06.000000Z"}, {"uuid": "393692b1-aad8-4d42-b875-ba462dfdb073", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56182", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17905", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-56182\n\ud83d\udd25 CVSS Score: 8.2 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC Field PG M6 (All versions < V26.01.12), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC IPC PX-32A (All versions < V29.01.07), SIMATIC IPC PX-39A (All versions < V29.01.07), SIMATIC IPC PX-39A PRO (All versions < V29.01.07), SIMATIC IPC RC-543A (All versions), SIMATIC IPC RC-543B (All versions), SIMATIC IPC RW-543A (All versions), SIMATIC IPC RW-543B (All versions), SIMATIC IPC127E (All versions), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions), SIMATIC\u00a0IPC277G PRO (All versions), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions < V25.02.15), SIMATIC IPC647E (All versions < V25.02.15), SIMATIC IPC677E (All versions < V25.02.15), SIMATIC IPC847E (All versions < V25.02.15), SIMATIC ITP1000 (All versions). The affected devices have insufficient protection mechanism for the EFI(Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to disable the BIOS password without proper authorization by directly communicate with the flash controller.\n\ud83d\udccf Published: 2025-03-11T09:48:05.319Z\n\ud83d\udccf Modified: 2025-06-10T15:17:20.999Z\n\ud83d\udd17 References:\n1. https://cert-portal.siemens.com/productcert/html/ssa-216014.html", "creation_timestamp": "2025-06-10T15:31:06.000000Z"}]}