Siemens Medium Voltage SINAMICS Products (Update A)
Plan Patch | 7.5 | ICS-CERT ICSA-18-128-01 | May 3, 2018
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Multiple Siemens SINAMICS variable frequency drives and soft starters with PROFINET connectivity contain a vulnerability in input validation (CWE-20, CWE-400) that allows a remote attacker to send crafted PROFINET packets without authentication. The malformed packets cause the device firmware to crash or become unresponsive, resulting in denial of service to the connected motor or equipment. Affected products include SIMOTION D4xx, SINAMICS GH150, GL150, GM150, SL150 (multiple versions), and SM120, all with PROFINET interfaces and running firmware versions prior to the specified hotfixes or updates.
What this means
What could happen
An attacker could send crafted PROFINET packets to these variable frequency drives (VFDs) and soft starters to cause them to become unresponsive, which would stop the motor or compressor they control and disrupt production or critical processes.
Who's at risk
Utilities and industrial facilities using Siemens SINAMICS variable frequency drives (VFDs) and soft starters for motors, compressors, and pumps. Affected models include the GH150, GL150, GM150, SL150, SM120, and SM150i-2 with PROFINET connectivity. This impacts water treatment plants, wastewater systems, electric utilities, and any facility with Siemens medium-voltage or soft-starter equipment controlling critical motors.
How it could be exploited
An attacker with network access to the PROFINET interface sends malformed packets designed to trigger a buffer handling vulnerability in the firmware. The device crashes and stops responding to control commands, halting the connected equipment.
Prerequisites
- Network access to PROFINET port (typically port 34962 or accessible via industrial switch)
- No authentication required
- Device must be reachable from the attacker's network segment
- Remotely exploitable over PROFINET
- No authentication required
- Low complexity attack
- Causes denial of service to critical equipment
- Affects production and safety-critical processes
- Multiple product variants affected
Exploitability
Moderate exploit probability (EPSS 5.3%)
Affected products (8)
8 with fix
| Product | Affected Versions | Fix Status |
|---|---|---|
| SIMOTION D4xx V4.4 for SINAMICS SM150i-2 w. PROFINET (incl. SIPLUS variants) | All < V4.4 HF26 | 4.4 HF26 |
| SINAMICS GH150 V4.7 w. PROFINET | All < V4.7 SP5 HF7 | 4.7 SP5 HF7 or upgrade to V4.8 SP2 |
| SINAMICS GL150 V4.7 w. PROFINET | All < V4.8 SP2 | 4.8 SP2 |
| SINAMICS GM150 V4.7 w. PROFINET | All < V4.7 HF31 | 4.7 HF31 or update to V4.8 SP2 |
| SINAMICS SL150 V4.7.0 w. PROFINET | All < V4.7 HF30 | 4.7 HF30 or upgrade to V4.8 SP2 |
| SINAMICS SL150 V4.7.4 w. PROFINET | All < V4.8 SP2 | 4.8 SP2 |
| SINAMICS SL150 V4.7.5 w. PROFINET | All < V4.8 SP2 | 4.8 SP2 |
| SINAMICS SM120 V4.7 w. PROFINET | All < V4.8 SP2 | 4.8 SP2 |
Remediation & Mitigation
Do now
- HARDENING: Restrict network access to PROFINET interfaces using industrial firewalls or network segmentation; only allow communication from authorized engineering workstations and control systems
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update SIMOTION D4xx to firmware version 4.4 HF26 or later
- HOTFIX: Update SINAMICS GH150 to firmware version 4.7 SP5 HF7 or later, or upgrade to version 4.8 SP2 or later
- HOTFIX: Update SINAMICS GL150 to firmware version 4.8 SP2 or later
- HOTFIX: Update SINAMICS GM150 to firmware version 4.7 HF31 or later, or upgrade to version 4.8 SP2 or later
- HOTFIX: Update SINAMICS SL150 (V4.7.0) to firmware version 4.7 HF30 or later, or upgrade to version 4.8 SP2 or later
- HOTFIX: Update SINAMICS SL150 (V4.7.4 and V4.7.5) to firmware version 4.8 SP2 or later
- HOTFIX: Update SINAMICS SM120 to firmware version 4.8 SP2 or later
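To track the firmware updates above across a fleet, the following added example (not part of the advisory and not Siemens tooling) checks an asset inventory against the fixed versions listed for each product line. The inventory, its asset names, the version syntax and the ordering rule (major, minor, patch, SP, HF compared in that order) are assumptions.

```python
import re

# Fixed firmware per affected product line, copied from the advisory's table.
FIXES = {
    "SIMOTION D4xx V4.4": ["4.4 HF26"],
    "SINAMICS GH150 V4.7": ["4.7 SP5 HF7", "4.8 SP2"],
    "SINAMICS GL150 V4.7": ["4.8 SP2"],
    "SINAMICS GM150 V4.7": ["4.7 HF31", "4.8 SP2"],
    "SINAMICS SL150 V4.7.0": ["4.7 HF30", "4.8 SP2"],
    "SINAMICS SL150 V4.7.4": ["4.8 SP2"],
    "SINAMICS SL150 V4.7.5": ["4.8 SP2"],
    "SINAMICS SM120 V4.7": ["4.8 SP2"],
}

_VER = re.compile(r"^V?(\d+)\.(\d+)(?:\.(\d+))?(?:\s+SP(\d+))?(?:\s+HF(\d+))?$", re.I)

def parse_version(text):
    """Assumed syntax [V]major.minor[.patch][ SPn][ HFn]; missing parts count as 0."""
    m = _VER.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_remediated(product_line, firmware):
    """True if firmware is at or past a fix listed for this product line."""
    v = parse_version(firmware)
    fixes = [parse_version(f) for f in FIXES[product_line]]
    # A hotfix only counts on its own release branch (major.minor.patch);
    # the highest listed fix also covers every later version ("or later").
    return v >= max(fixes) or any(v[:3] == f[:3] and v >= f for f in fixes)

def audit(inventory):
    """Return sorted asset names still needing an update (product lines must be FIXES keys)."""
    pending = []
    for asset, product_line, firmware in inventory:
        try:
            if not is_remediated(product_line, firmware):
                pending.append(asset)
        except ValueError:
            pending.append(asset)  # unparseable version: treat as unpatched
    return sorted(pending)

# Constructed sample inventory (asset names and installed versions are invented).
INVENTORY = [
    ("pump-drive-01", "SINAMICS GM150 V4.7", "V4.7 HF30"),
    ("pump-drive-02", "SINAMICS GM150 V4.7", "V4.7 HF31"),
    ("mill-drive-01", "SINAMICS SL150 V4.7.4", "V4.7.4 HF12"),
    ("fan-drive-01", "SINAMICS GH150 V4.7", "unknown"),
]
```

Calling `audit(INVENTORY)` returns the assets to schedule for the maintenance window; versions on a release branch with no listed hotfix are flagged until they reach V4.8 SP2.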
CVEs (2)