Siemens SINAMICS (Update C)

Plan PatchCVSS 7.5ICS-CERT ICSA-19-227-04Aug 13, 2019

Siemens

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

An out-of-bounds read vulnerability (CWE-125) in Siemens SINAMICS control units allows a remote attacker to send a crafted packet to crash the device without authentication. The vulnerability affects multiple SINAMICS drive models (GH150, GL150, GM150, SL150, SM120, SM150) across firmware versions 4.7 and 4.8. SINAMICS GM150 V4.7 has no fix available. All other affected models have patches available at various version levels (ranging from 4.7 HF33 to 5.2 SP2 depending on the model). Successful exploitation results in denial of service—the control unit stops responding and motor operation ceases until the device is manually restarted.

What this means

What could happen

An attacker with network access can crash the SINAMICS control unit, disrupting motor drive operation and potentially stopping pumps, compressors, or conveyor systems at your facility. This is a denial-of-service vulnerability with no authentication required.

Who's at risk

Water and electric utilities operating SINAMICS medium-voltage AC motor drives, particularly those using GH150, GL150, GM150, SL150, SM120, and SM150 control units in pump stations, compressor installations, or other critical rotating equipment. Any facility using these drives for essential processes should prioritize patching.

How it could be exploited

An attacker sends a crafted packet to the SINAMICS control unit over the network to trigger an out-of-bounds read condition, causing the device to crash and stop responding. No authentication or credentials are needed; the attacker only requires network reachability to the device.

Prerequisites

Network access to SINAMICS control unit (port/protocol varies by model)
No credentials required
Device must be on a network reachable from attacker

Remotely exploitableNo authentication requiredLow complexity attackAffects critical motor drive controlSINAMICS GM150 V4.7 has no patch availableCan disrupt operational continuity

Exploitability

Unlikely to be exploited — EPSS score 0.4%

Affected products (11)

10 with fix1 EOL

ProductAffected VersionsFix Status

SINAMICS GH150 V4.7 (Control Unit): All versionsAll versions4.8 SP2 HF9

SINAMICS GH150 V4.8 (Control Unit): All<V4.8 SP2 HF94.8 SP2 HF9

SINAMICS GL150 V4.7 (Control Unit): All versionsAll versions4.8 SP2 HF9

SINAMICS GL150 V4.8 (Control Unit): All<V4.8 SP2 HF94.8 SP2 HF9

SINAMICS GM150 V4.8 (Control Unit): All<V4.8 SP2 HF94.8 SP2 HF9

SINAMICS SL150 V4.7 (Control Unit): All<V4.7 HF334.7 HF33 or upgrade to V5.2 SP2

SINAMICS SL150 V4.8 (Control Unit): All versionsAll versions5.2 SP2

SINAMICS SM120 V4.7 (Control Unit): All versionsAll versions4.8 SP2 HF10

Remediation & Mitigation

0/7

Do now

0/1

WORKAROUNDFor SINAMICS GM150 V4.7 (no fix available), implement network access controls and firewall rules to restrict communication to this device to trusted engineering workstations and control systems only

Schedule — requires maintenance window

0/5

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade SINAMICS GH150 and GL150 devices to firmware version 4.8 SP2 HF9 or later

HOTFIXUpgrade SINAMICS SL150 V4.7 devices to firmware version 4.7 HF33 or upgrade to V5.2 SP2

HOTFIXUpgrade SINAMICS SL150 V4.8 devices to firmware version 5.2 SP2

HOTFIXUpgrade SINAMICS SM120 devices to firmware version 4.8 SP2 HF10 or later

HOTFIXUpgrade SINAMICS SM150 devices to firmware version 5.1 SP2 HF3 or later

Mitigations - no patch available

0/1

SINAMICS GM150 V4.7 (Control Unit): All versions has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGSegment SINAMICS control units onto a separate industrial network with restricted access from corporate networks and the internet

CVEs (1)

CVE-2019-6568

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/0ea94f41-86f6-4259-8a12-543f82a4623e

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.