Siemens SINAMICS (Update C)
Plan Patch · 7.5 · ICS-CERT ICSA-19-227-04 · Aug 13, 2019
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
An out-of-bounds read vulnerability (CWE-125) in Siemens SINAMICS control units allows a remote attacker to send a crafted packet to crash the device without authentication. The vulnerability affects multiple SINAMICS drive models (GH150, GL150, GM150, SL150, SM120, SM150) across firmware versions 4.7 and 4.8. SINAMICS GM150 V4.7 has no fix available. All other affected models have patches available at various version levels (ranging from 4.7 HF33 to 5.2 SP2 depending on the model). Successful exploitation results in denial of service—the control unit stops responding and motor operation ceases until the device is manually restarted.
What this means
What could happen
An attacker with network access can crash the SINAMICS control unit, disrupting motor drive operation and potentially stopping pumps, compressors, or conveyor systems at your facility. This is a denial-of-service vulnerability with no authentication required.
Who's at risk
Water and electric utilities operating SINAMICS medium-voltage AC motor drives, particularly those using GH150, GL150, GM150, SL150, SM120, and SM150 control units in pump stations, compressor installations, or other critical rotating equipment. Any facility using these drives for essential processes should prioritize patching.
How it could be exploited
An attacker sends a crafted packet to the SINAMICS control unit over the network to trigger an out-of-bounds read condition, causing the device to crash and stop responding. No authentication or credentials are needed; the attacker only requires network reachability to the device.
Prerequisites
- Network access to SINAMICS control unit (port/protocol varies by model)
- No credentials required
- Device must be on a network reachable from attacker
- Remotely exploitable
- No authentication required
- Low complexity attack
- Affects critical motor drive control
- SINAMICS GM150 V4.7 has no patch available
- Can disrupt operational continuity
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (11)
10 with fix, 1 EOL
Product | Affected Versions | Fix Status
SINAMICS GH150 V4.7 (Control Unit): All versions | All versions | 4.8 SP2 HF9
SINAMICS GH150 V4.8 (Control Unit): All | <V4.8 SP2 HF9 | 4.8 SP2 HF9
SINAMICS GL150 V4.7 (Control Unit): All versions | All versions | 4.8 SP2 HF9
SINAMICS GL150 V4.8 (Control Unit): All | <V4.8 SP2 HF9 | 4.8 SP2 HF9
SINAMICS GM150 V4.8 (Control Unit): All | <V4.8 SP2 HF9 | 4.8 SP2 HF9
SINAMICS SL150 V4.7 (Control Unit): All | <V4.7 HF33 | 4.7 HF33 or upgrade to V5.2 SP2
SINAMICS SL150 V4.8 (Control Unit): All versions | All versions | 5.2 SP2
SINAMICS SM120 V4.7 (Control Unit): All versions | All versions | 4.8 SP2 HF10
Remediation & Mitigation
Do now
- WORKAROUND: For SINAMICS GM150 V4.7 (no fix available), implement network access controls and firewall rules to restrict communication to this device to trusted engineering workstations and control systems only
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Upgrade SINAMICS GH150 and GL150 devices to firmware version 4.8 SP2 HF9 or later
- HOTFIX: Upgrade SINAMICS SL150 V4.7 devices to firmware version 4.7 HF33 or upgrade to V5.2 SP2
- HOTFIX: Upgrade SINAMICS SL150 V4.8 devices to firmware version 5.2 SP2
- HOTFIX: Upgrade SINAMICS SM120 devices to firmware version 4.8 SP2 HF10 or later
- HOTFIX: Upgrade SINAMICS SM150 devices to firmware version 5.1 SP2 HF3 or later
Mitigations - no patch available
SINAMICS GM150 V4.7 (Control Unit): All versions has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Segment SINAMICS control units onto a separate industrial network with restricted access from corporate networks and the internet
CVEs (1)