Full Report
SIMATIC IPC RS-828A is affected by an authentication bypass vulnerability in the Redfish interface of its Baseboard Management Controller (BMC). An attacker could use it to gain unauthorized access and compromise the confidentiality, integrity and availability of the BMC, and thus of the entire system. Siemens has released a new version of the SIMATIC IPC RS-828A BMC firmware and recommends updating to the latest version.
Analysis Summary
# Vulnerability: Critical Authentication Bypass in SIMATIC IPC RS-828A BMC Redfish Interface
## CVE Details
- CVE ID: CVE-2024-54085
- CVSS Score: 10.0 (Critical) (CVSS v3.1) / 10.0 (Critical) (CVSS v4.0)
- CWE: CWE-290: Authentication Bypass by Spoofing
## Affected Systems
- Products: SIMATIC IPC RS-828A - BMC firmware
- Versions: All versions **< V1.1.13**
- Configurations: Vulnerability exists in the Redfish interface of the Baseboard Management Controller (BMC).
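Because the affected range is "all versions below V1.1.13", the first check on an installed device is simply to read the BMC firmware version and compare it correctly (string comparison gets "V1.1.9" versus "V1.1.13" wrong). The following is an added example, not code from Siemens or AMI: it takes the body of a Redfish Manager resource (as returned by `GET /redfish/v1/Managers/<id>`, a standard DMTF resource whose `FirmwareVersion` field is where BMCs report their firmware version), parses the version as a numeric triple and reports whether the device is still affected. The sample JSON body is constructed for the example; the exact `FirmwareVersion` format on a real RS-828A is an assumption.

```python
import json
import re

# Fixed version from the Siemens advisory: BMC firmware V1.1.13 closes CVE-2024-54085.
FIXED_VERSION = (1, 1, 13)

# Accept "V1.1.12", "v1.1.12" or "1.1.12"; anything else is reported, not guessed.
_VERSION_RE = re.compile(r"[vV]?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) from a BMC firmware version string.

    Raises ValueError when no dotted triple is present, so an unknown
    format is surfaced instead of being silently treated as patched.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised BMC firmware version string: {text!r}")
    return tuple(int(p) for p in m.groups())


def is_affected(version_text):
    """True when the firmware is older than V1.1.13 (all versions < V1.1.13 are affected)."""
    return parse_version(version_text) < FIXED_VERSION


def assess_manager(manager_json):
    """Assess a Redfish Manager resource body (GET /redfish/v1/Managers/<id>).

    Returns a dict with the reported version, affected=True/False, or
    affected=None when the version could not be determined.
    """
    manager = json.loads(manager_json)
    fw = manager.get("FirmwareVersion")
    if not fw:
        return {"version": None, "affected": None,
                "reason": "FirmwareVersion missing from Manager resource"}
    try:
        affected = is_affected(fw)
    except ValueError as exc:
        return {"version": fw, "affected": None, "reason": str(exc)}
    return {"version": fw, "affected": affected,
            "reason": "below V1.1.13" if affected else "V1.1.13 or later"}


# Constructed sample: a Redfish Manager resource as a BMC might return it.
# Only FirmwareVersion matters here; the other fields follow the DMTF
# Manager schema and are illustrative (assumed, not captured from a device).
SAMPLE_MANAGER = json.dumps({
    "@odata.id": "/redfish/v1/Managers/1",
    "Id": "1",
    "ManagerType": "BMC",
    "FirmwareVersion": "V1.1.12",
})

if __name__ == "__main__":
    print(assess_manager(SAMPLE_MANAGER))
```

Feed `assess_manager` the body you get from the BMC with an authenticated `GET` (for example via `curl -u user:pass https://<bmc>/redfish/v1/Managers/1`); a result with `affected=None` means the version string needs a human look rather than a green tick.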
## Vulnerability Description
The flaw is in AMI's SPx BMC firmware stack used by the device: its Redfish Host Interface lets a remote attacker bypass authentication by spoofing (CWE-290), with no credentials and no user interaction. Successful exploitation grants unauthorized access to the BMC, from which the host system itself can be compromised.
## Exploitation
- Status: The advisory does not state that the vulnerability is exploited in the wild; it is nonetheless rated critical because it is reachable over the network with no credentials or user interaction.
- Complexity: Low (CVSS vector AV:N/AC:L/PR:N/UI:N: network reachable, low attack complexity, no privileges required, no user interaction)
- Attack Vector: Network (AV:N)
## Impact
- Confidentiality: High (H)
- Integrity: High (H)
- Availability: High (H)
(Successful exploitation compromises the confidentiality, integrity and availability of the BMC. Because the BMC controls the host's power, console and firmware, this can lead to compromise of the entire industrial system.)
## Remediation
### Patches
- Update the SIMATIC IPC RS-828A - BMC firmware to **version V1.1.13 or later**.
- Vendor Link for Update: hxxps://support.industry.siemens.com/cs/ww/en/view/109763408/
### Workarounds
The summary details no product-specific workaround for this vulnerability beyond Siemens' general security recommendations:
1. Protect network access to the devices with appropriate mechanisms, for example by placing the BMC management interface in a segregated management network reachable only from trusted hosts.
2. Configure the environment according to Siemens' operational guidelines for Industrial Security.
## Detection
- **Indicators of Compromise:** Redfish requests to the BMC that succeed without prior authentication (no session created via `POST /redfish/v1/SessionService/Sessions` and no credentials presented), and administrative actions (account changes, firmware updates, power control) issued through the Redfish interface from unexpected sources.
- **Detection Methods and Tools:** Monitor traffic to the BMC management interface (HTTPS requests to `/redfish/v1/...`) for API calls that succeed without proper session establishment, configure IDS/IPS to alert on known authentication-bypass patterns, and verify the installed BMC firmware version against V1.1.13.
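The detection idea above (Redfish calls that succeed without a real session) is easier to apply with a small correlator than by eye. The following is an added example, not code from Siemens, AMI or the advisory: it reads per-request log lines, learns session ids from successful logins to the Redfish `SessionService`, and flags three things: a non-public Redfish request that succeeded with no credentials, a request that presented a session id the log never saw created, and a state-changing request from a host outside a management allow-list. The log format, the sample lines and the `session=` field written on successful login are all constructed for this example; real BMC or reverse-proxy logs differ and `LINE_RE` must be adapted to them.

```python
import re
from dataclasses import dataclass

# Constructed log format for this example, one request per line:
#   <timestamp> <client-ip> <method> <path> <status> auth=<none|basic|session:ID> [session=<ID>]
# session=<ID> appears only on a successful login (201 to the Sessions collection).
# Real BMC logs differ; adapt LINE_RE to the fields your device or proxy emits.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<path>\S+)\s+(?P<status>\d{3})"
    r"\s+auth=(?P<auth>\S+)(?:\s+session=(?P<new_session>\S+))?\s*$"
)

SESSIONS = "/redfish/v1/SessionService/Sessions"
# Resources the Redfish specification serves without authentication.
PUBLIC_GET = {"/redfish/v1", "/redfish/v1/odata", "/redfish/v1/$metadata"}
WRITE_METHODS = {"POST", "PATCH", "PUT", "DELETE"}


@dataclass
class Finding:
    ts: str
    src: str
    rule: str
    detail: str


def is_public(method, path):
    """Requests Redfish allows without credentials: service root, metadata and the login POST."""
    p = path.rstrip("/")
    return (method == "GET" and p in PUBLIC_GET) or (method == "POST" and p == SESSIONS)


def analyse(log_text, mgmt_hosts=frozenset()):
    """Return Findings for Redfish requests that succeeded without a logged authentication."""
    findings = []
    known_sessions = set()  # session ids minted by a logged, successful login
    for line in log_text.strip().splitlines():
        m = LINE_RE.match(line)
        if not m:
            findings.append(Finding("-", "-", "unparsed-line", line))
            continue
        r = m.groupdict()
        status = int(r["status"])
        # Learn session ids from successful logins so later requests can be correlated.
        if r["method"] == "POST" and r["path"].rstrip("/") == SESSIONS and status == 201 and r["new_session"]:
            known_sessions.add(r["new_session"])
            continue
        if not 200 <= status < 300:
            continue  # rejected by the BMC: not a bypass (count separately for brute-force)
        if is_public(r["method"], r["path"]):
            continue
        req = f"{r['method']} {r['path']} -> {status}"
        if r["auth"] == "none":
            findings.append(Finding(r["ts"], r["src"], "unauthenticated-success", req))
        elif r["auth"].startswith("session:"):
            sid = r["auth"].split(":", 1)[1]
            if sid not in known_sessions:
                findings.append(Finding(r["ts"], r["src"], "unknown-session",
                                        f"{req} with session {sid} never created in this log"))
        if r["method"] in WRITE_METHODS and r["src"] not in mgmt_hosts:
            findings.append(Finding(r["ts"], r["src"], "write-from-unexpected-host", req))
    return findings


# Constructed sample: one legitimate operator session from the management host,
# then two foreign hosts hitting the Redfish API. Addresses are documentation ranges.
SAMPLE_LOG = """\
2025-03-18T10:02:11Z 10.0.5.23 POST /redfish/v1/SessionService/Sessions 201 auth=none session=S1
2025-03-18T10:02:12Z 10.0.5.23 GET /redfish/v1/Systems/1 200 auth=session:S1
2025-03-18T10:05:40Z 198.51.100.7 GET /redfish/v1/ 200 auth=none
2025-03-18T10:05:41Z 198.51.100.7 GET /redfish/v1/Managers/1 401 auth=none
2025-03-18T10:05:42Z 198.51.100.7 PATCH /redfish/v1/AccountService/Accounts/1 200 auth=none
2025-03-18T10:06:03Z 203.0.113.9 POST /redfish/v1/UpdateService/Actions/SimpleUpdate 202 auth=session:S9
2025-03-18T10:07:00Z 10.0.5.23 DELETE /redfish/v1/SessionService/Sessions/S1 204 auth=session:S1
"""
MGMT_HOSTS = frozenset({"10.0.5.23"})  # assumed allow-list of hosts permitted to manage the BMC

if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG, MGMT_HOSTS):
        print(f"{f.ts} {f.src} [{f.rule}] {f.detail}")
```

Run against the sample, the legitimate session (login, read, logout from 10.0.5.23), the public service-root fetch and the rejected 401 produce nothing; the successful unauthenticated `PATCH` of an account and the firmware-update `POST` under a session id that was never created each raise two findings. The "unknown-session" rule only works when the log is complete for the period examined, so start it at a point where the BMC has just been rebooted or all sessions were known.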
## References
- Vendor Advisory: SSA-446307
- Siemens Security Guidelines Download: hxxps://www.siemens.com/cert/operational-guidelines-industrial-security