Siemens SINAMICS S/G Authentication Bypass Vulnerability
Low Risk · ICS-CERT ICSA-13-338-01 · Sep 6, 2013
Summary
The SINAMICS S/G drive family contains an authentication bypass vulnerability (CWE-592: Type Confusion) that allows an attacker with network access to bypass login credentials and gain unauthorized control of the device. The vulnerability affects firmware versions prior to 4.6.11, and Siemens has not indicated a fix will be available. An attacker could remotely access the drive without proper authentication and issue commands to alter motor operation.
What this means
What could happen
An attacker with network access to a SINAMICS S/G drive could bypass authentication and gain unauthorized control over the device, potentially altering motor speed, torque, or operational parameters without proper authorization.
Who's at risk
Water and electric utilities operating Siemens SINAMICS S/G variable frequency drives (VFDs) used to control motors in pumping systems, fans, compressors, and other critical equipment should review their deployment and access controls immediately.
How it could be exploited
An attacker connects to the SINAMICS S/G drive over its network interface and bypasses the authentication mechanism (likely through CWE-592: Type Confusion), allowing direct command submission to the drive's control interface without providing valid credentials.
Prerequisites
- Network access to the SINAMICS S/G drive's communication port
- The device must be reachable from the attacker's network segment
Tags: remotely exploitable · no authentication required · no patch available · type confusion vulnerability
Exploitability
Moderate exploit probability (EPSS 1.2%)
Affected products (1)
Product | Affected Versions | Fix Status
SINAMICS S/G family firmware: <4.6.11 | <4.6.11 | No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Isolate SINAMICS S/G drives from untrusted networks using network segmentation and firewall rules; restrict access to authorized engineering workstations only
- WORKAROUND: Implement network access controls (ACLs, firewalls) to limit which devices can communicate with SINAMICS S/G drives
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Monitor network traffic to SINAMICS S/G drives for unauthorized access attempts
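The monitoring and access-restriction steps above can be checked against firewall flow logs. The following is an added example, not part of the advisory or any Siemens tooling: the drive subnet, workstation addresses, ports and the "src dst dport action" log layout are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumptions (not from the advisory): subnet, allowlist and log layout are constructed.
DRIVE_NET = ipaddress.ip_network("10.20.30.0/24")          # hypothetical drive segment
ALLOWED_SOURCES = {ipaddress.ip_address("10.20.1.10"),      # hypothetical engineering
                   ipaddress.ip_address("10.20.1.11")}      # workstations

# Constructed sample flow log: "src dst dport action" (ports are arbitrary sample values).
SAMPLE_FLOWS = """\
10.20.1.10 10.20.30.5 9000 ACCEPT
10.20.1.11 10.20.30.6 9001 ACCEPT
10.99.4.7 10.20.30.5 9000 ACCEPT
10.99.4.7 10.20.30.5 9001 DENY
10.20.30.6 10.20.30.5 9000 ACCEPT
10.20.1.10 10.50.0.9 443 ACCEPT
garbage line
"""

def unauthorized_flows(log_text, drive_net=DRIVE_NET, allowed=ALLOWED_SOURCES):
    """Return (findings, skipped): flows to a drive from a non-allowlisted source."""
    findings, skipped = [], 0
    for line in log_text.splitlines():
        parts = line.split()
        try:
            src = ipaddress.ip_address(parts[0])
            dst = ipaddress.ip_address(parts[1])
            dport, action = int(parts[2]), parts[3]
        except (IndexError, ValueError):
            skipped += 1  # count malformed lines instead of silently dropping them
            continue
        if dst in drive_net and src not in allowed:
            # ACCEPT: the ACL let the flow through (segmentation gap, includes
            # drive-to-drive traffic). DENY: the ACL held, but the attempt is worth review.
            severity = "acl-gap" if action == "ACCEPT" else "blocked-attempt"
            findings.append((str(src), str(dst), dport, severity))
    return findings, skipped

def summarize(findings):
    """Count findings per (source, severity) so repeated sources stand out."""
    return Counter((src, sev) for src, _dst, _port, sev in findings)

if __name__ == "__main__":
    found, bad = unauthorized_flows(SAMPLE_FLOWS)
    for (src, sev), n in sorted(summarize(found).items()):
        print(f"{sev:16} {src:15} x{n}")
    print(f"malformed lines skipped: {bad}")
```

An "acl-gap" result means the firewall rules do not yet enforce the workstation-only restriction; a "blocked-attempt" result means they do, and the source should be investigated.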
CVEs (1)