ICSA-18-345-01 McAfee SINAMICS PERFECT HARMONY GH180
7.1
ICS-CERT ICSA-18-345-01
Dec 11, 2018
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
SINAMICS PERFECT HARMONY GH180 drives with option A30 HMI interfaces (12 inch or larger) contain insufficient access controls that allow local users to bypass authorization checks. An attacker with local user privileges on the HMI can read and modify files on the drive control system without needing administrator credentials. This affects MLFB 6SR32, 6SR42, 6SR52, and 6SR325 configurations. Siemens states no patch will be released for these end-of-life products.
What this means
What could happen
An attacker with local access to the HMI could read or modify files on the drive control system, potentially altering motor speed setpoints or stopping industrial processes without authorization.
Who's at risk
Manufacturing plants and industrial facilities using Siemens SINAMICS PERFECT HARMONY GH180 variable frequency drives (6SR32, 6SR42, 6SR52, or 6SR325 models) with 12-inch or larger HMI touchscreens. This affects any operator or technician who has local user access to the HMI workstations.
How it could be exploited
An attacker with local user privileges on the HMI workstation (12-inch or larger touchscreen running Windows XP or later) could exploit insufficient access controls to read sensitive configuration files or modify control parameters on the SINAMICS drive without administrator approval.
Prerequisites
- Local user account on the HMI workstation
- Physical or network access to the SINAMICS PERFECT HARMONY GH180 HMI
- HMI running Windows XP or later operating system
- Low complexity exploitation
- Local access required, but common in plant environments
- No patch available for some configurations
- Windows XP end-of-life operating system increases overall risk
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (8)
8 pending
Product | Affected Versions | Fix Status
SINAMICS PERFECT HARMONY GH180 Drives: MLFB 6SR32 with option A30 (HMIs 12 inch or larger) | MLFB 6SR32 with option A30 (HMIs 12 inch or larger) | No fix yet
SINAMICS PERFECT HARMONY GH180 Drives: MLFB 6SR42 with option A30 (HMIs 12 inch or larger) | MLFB 6SR42 with option A30 (HMIs 12 inch or larger) | No fix yet
SINAMICS PERFECT HARMONY GH180 Drives: MLFB 6SR52 with option A30 (HMIs 12 inch or larger) | MLFB 6SR52 with option A30 (HMIs 12 inch or larger) | No fix yet
SINAMICS PERFECT HARMONY GH180 Drives: MLFB 6SR325 (High Availability) | MLFB 6SR325 (High Availability) | No fix yet
SINAMICS PERFECT HARMONY GH180 Drives: MLFB 6SR32 with option A30 (HMIs 12 inch or larger) where the HMI is operating under Microsoft Windows XP | MLFB 6SR32 with option A30 (HMIs 12 inch or larger) where the HMI is operating under Microsoft Windows XP | No fix yet
SINAMICS PERFECT HARMONY GH180 Drives: MLFB 6SR42 with option A30 (HMIs 12 inch or larger) where the HMI is operating under Microsoft Windows XP | MLFB 6SR42 with option A30 (HMIs 12 inch or larger) where the HMI is operating under Microsoft Windows XP | No fix yet
SINAMICS PERFECT HARMONY GH180 Drives: MLFB 6SR52 with option A30 (HMIs 12 inch or larger) where the HMI is operating under Microsoft Windows XP | MLFB 6SR52 with option A30 (HMIs 12 inch or larger) where the HMI is operating under Microsoft Windows XP | No fix yet
SINAMICS PERFECT HARMONY GH180 Drives: MLFB 6SR325 (High Availability) where the HMI is operating under Microsoft Windows XP | MLFB 6SR325 (High Availability) where the HMI is operating under Microsoft Windows XP | No fix yet
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Upgrade MACC (McAfee Access Control Component) to version 8.2.0 or later on all affected SINAMICS GH180 HMI units
Long-term hardening
HARDENING: Isolate HMI workstations from untrusted networks using air-gap or firewall rules to restrict local access
HARDENING: Migrate HMI systems away from Windows XP to a supported operating system
CVEs (1)