Siemens TPM 2.0
Summary
Siemens TPM 2.0 products contain a vulnerability (CVE-2025-2884) that allows out-of-bounds reads, potentially leading to information disclosure or denial of service. Siemens has released updates for affected products and recommends applying them, along with specific countermeasures for products awaiting fixes.
IFF Assessment
The vulnerability allows attackers to gain unauthorized access to information or disrupt the functionality of the Trusted Platform Module, impacting the security of affected Siemens devices.
Severity
The CVSS score of 6.6 reflects moderate severity: the out-of-bounds read can lead to information disclosure or denial of service, and the score takes into account the attack vector and the impact on system availability and confidentiality.
Defender Context
This alert highlights a critical vulnerability in Siemens TPM 2.0, impacting various SIMATIC industrial products. Defenders should prioritize patching or implementing workarounds for affected systems, especially those in critical manufacturing sectors, to prevent potential information disclosure or denial of service attacks. This underscores the ongoing need for vigilance in securing industrial control systems (ICS) and operational technology (OT) environments.