CTI Swarm
Zurück zu allen Deep Dives
ALL CISA ADVISORIES

Siemens TPM 2.0

Strategische Zusammenfassung

This vulnerability affects the TPM 2.0 firmware in Siemens SIMATIC industrial PCs, potentially allowing attackers to compromise hardware security modules in manufacturing environments.

Volltext

Title: Siemens TPM 2.0 | CISA

URL Source: https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-01

Markdown Content: # Siemens TPM 2.0 | CISA

An official website of the United States government

Here’s how you know

Here’s how you know

**Official websites use .gov**

A **.gov** website belongs to an official government organization in the United States.

**Secure .gov websites use HTTPS**

A **lock** () or **https://** means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

**Due to the lapse in federal funding, this website will not be actively managed.**[**Read More**](https://go.dhs.gov/lapse-2026)

[no-cost Cyber Services](https://www.cisa.gov/resources-tools/resources/free-cybersecurity-services-and-tools "Free Cyber Services")[Secure by design](https://www.cisa.gov/securebydesign)[Secure Your Business](https://www.cisa.gov/secureyourbusiness)[Shields Up](https://www.cisa.gov/node/8056)[Report A Cyber Issue](https://www.cisa.gov/report)

Search

[×](javascript:void(0) "Clear search box")

Menu

Close

[×](javascript:void(0) "Clear search box")

* Topics[Topics](https://www.cisa.gov/topics) [Cybersecurity Best Practices](https://www.cisa.gov/topics/cybersecurity-best-practices) [Cyber Threats and Response](https://www.cisa.gov/topics/cyber-threats-and-response) [Critical Infrastructure Security and Resilience](https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience) [Election Security](https://www.cisa.gov/topics/election-security) [Emergency Communications](https://www.cisa.gov/topics/emergency-communications) [Industrial Control Systems](https://www.cisa.gov/topics/industrial-control-systems) [Information and Communications Technology Supply Chain Security](https://www.cisa.gov/topics/information-communications-technology-supply-chain-security) [Partnerships and Collaboration](https://www.cisa.gov/topics/partnerships-and-collaboration) [Physical Security](https://www.cisa.gov/topics/physical-security) [Risk Management](https://www.cisa.gov/topics/risk-management) [How can we help?](https://www.cisa.gov/audiences) [Government](https://www.cisa.gov/topics/government)[Educational Institutions](https://www.cisa.gov/topics/educational-institutions)[Industry](https://www.cisa.gov/topics/industry)[State, Local, Tribal, and […]

[… 10,497 Zeichen — nächste Zone: keyword-dense paragraphs …]

* SIMATIC CN 4100 vers:all/* (CVE-2025-2884) * SIMATIC Field PG M5 vers:all/* (CVE-2025-2884) * SIMATIC Field PG M6 vers:all/* (CVE-2025-2884) * SIMATIC IPC BX-32A vers:intdot/<29.01.09 (CVE-2025-2884) * SIMATIC IPC BX-39A vers:intdot/<29.01.09 (CVE-2025-2884) * SIMATIC IPC BX-56A vers:intdot/<32.01.09 (CVE-2025-2884) * SIMATIC IPC BX-59A vers:intdot/<32.01.09 (CVE-2025-2884) * SIMATIC IPC MD-57A vers:intdot/<30.01.10 (CVE-2025-2884) * SIMATIC IPC PX-32A vers:intdot/<29.01.09 (CVE-2025-2884) * SIMATIC IPC PX-39A vers:intdot/<29.01.09 (CVE-2025-2884) * SIMATIC IPC PX-39A PRO vers:intdot/<29.01.09 (CVE-2025-2884) * SIMATIC IPC RW-528A vers:intdot/<34.01.02 (CVE-2025-2884) * SIMATIC IPC RW-548A vers:intdot/<34.01.02 (CVE-2025-2884) * SIMATIC IPC227E vers:all/* (CVE-2025-2884) * SIMATIC IPC277E vers:all/* (CVE-2025-2884) * SIMATIC IPC427E vers:intdot/<21.01.20 (CVE-2025-2884) * SIMATIC IPC477E vers:intdot/<21.01.20 (CVE-2025-2884) * SIMATIC IPC477E PRO vers:intdot/<21.01.20 (CVE-2025-2884) * SIMATIC IPC627E vers:all/* (CVE-2025-2884) * SIMATIC IPC647E vers:all/* (CVE-2025-2884) * SIMATIC IPC677E vers:all/* (CVE-2025-2884) * SIMATIC IPC847E vers:all/* (CVE-2025-2884) * SIMATIC ITP1000 vers:all/* (CVE-2025-2884) * SIPLUS IPC427E vers:intdot/<21.01.20 (CVE-2025-2884)

**The products listed below contain a vulnerability that could allow an attacker to perform an out-of-bound read, potentially leading to information disclosure or denial of service of the TPM. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available.**

| CVSS Version | Base Score | Base Severity | Vector String | | --- | --- | --- | --- | | **CVSS Version**3.1 | **Base Score**6.6 | **Base Severity**MEDIUM | **Vector String**[CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H "(opens in a new window)") |

[Return to top](https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-01#top)

* [Topics](https://www.cisa.gov/topics) * [Spotlight](https://www.cisa.gov/spotlight) * [Resources & Tools](https://www.cisa.gov/resources-tools) * [News & Events](https://www.cisa.gov/news-events) * [Careers](https://www.cisa.gov/careers) * [About](https://www.cisa.gov/about)

[Cybersecurity & Infrastructure Security Agency](https://www.cisa.gov/ "Go to the Cybersecurity & Infrastructure Security Agency homepage")

* [Facebook](https://www.facebook.com/CISA) * [X](https://x.com/CISAgov) * [LinkedIn](https://www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency) * [YouTube](https://www.youtube.com/@cisagov) * [Instagram](https://www.instagram.com/cisagov) * [RSS](https://www.cisa.gov/subscribe-updates-cisa)

CISA Central[1-844-Say-CISA](tel:1-844-Say-CISA)[contact@cisa.dhs.gov](mailto:contact@cisa.dhs.gov)

DHS Seal

CISA.gov

An official website of the U.S. Department of Homeland Security

* [About CISA](https://www.cisa.gov/about "About CISA") * [Budget and Performance](https://www.dhs.gov/performance-financial-reports "Budget and Performance") * [DHS.gov](https://www.dhs.gov/ "Department of Homeland Security") * [FOIA Requests](https://www.dhs.gov/foia "FOIA Requests") * [No FEAR Act](https://www.cisa.gov/no-fear-act "No FEAR Act Reporting") * [Office of Inspector General](https://www.oig.dhs.gov/ "Office of Inspector General") * [Privacy Policy](https://www.cisa.gov/privacy-policy "Privacy Policy") * [Subscribe](https://public.govdelivery.com/accounts/USDHSCISA/subscriber/new?topic_id=USDHSCISA_138 "Subscribe to Email Updates") * [The White House](https://www.whitehouse.gov/ "The White House") * [USA.gov](https://www.usa.gov/ "USA.gov") * [Website Feedback](https://www.cisa.gov/forms/feedback "Website Feedback")