OTPulse

Siemens SINAMICS PERFECT HARMONY GH180

Monitor | 6.8 | ICS-CERT ICSA-20-014-04 | Jan 14, 2020
Attack Vector: Physical
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

The SINAMICS PERFECT HARMONY GH180 drive contains an authentication bypass vulnerability affecting the local HMI interface. An attacker with physical access to the drive's control panel or HMI can read configuration data or modify operational settings including speed control, torque limits, and other parameters without providing credentials. The vulnerability affects all versions of the drive with option A30 (HMI displays 12 inches or larger) and high-availability configurations. Siemens reports this vulnerability is not remotely exploitable and no public exploits exist. The vendor recommends contacting customer support for configuration guidance but has not released a firmware patch.

What this means
What could happen
An attacker with physical access to the SINAMICS PERFECT HARMONY GH180 drive's control interface could read sensitive configuration data or modify drive settings, potentially disrupting motor operation or altering speed and torque control parameters that affect connected equipment.
Who's at risk
Manufacturing facilities using Siemens SINAMICS PERFECT HARMONY GH180 drives (all versions) for motor control, particularly those with 12-inch or larger HMI displays (option A30) or high-availability configurations. This affects any plant using these variable frequency drives for pump motors, compressors, conveyor systems, or other industrial machinery.
How it could be exploited
An attacker must physically access the drive's local interface or HMI panel. Once at the interface, they can bypass security controls to access configuration menus and alter operational parameters without requiring valid credentials.
Prerequisites
  • Physical access to the SINAMICS drive HMI or control interface
  • Access to the local network connection of the drive (remote exploitation is not possible)
Risk factors
  • No patch available
  • Physical access required but local HMI access lacks authentication controls
  • Affects operational parameters of critical motor control equipment
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2)
2 pending
Product | Affected Versions | Fix Status
SINAMICS PERFECT HARMONY GH180 Drives | MLFB 6SR32..-.....-...., MLFB 6SR4..-.....-...., MLFB 6SR5..-.....-.... with option A30 (HMIs 12 inches or larger): All versions | No fix yet
SINAMICS PERFECT HARMONY GH180 Drives | MLFB 6SR325.-.....-.... (High Availability): All versions | No fix yet
Remediation & Mitigation
Do now
HARDENING: Restrict physical access to SINAMICS drive control interfaces and HMI panels to authorized personnel only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Contact Siemens customer support to obtain and apply recommended configuration changes that restrict unauthorized access to the HMI interface
Long-term hardening
HARDENING: Isolate the SINAMICS drive from the facility network if not required for remote monitoring; use VPN with strong authentication for any required remote connections
HARDENING: Position SINAMICS drives behind facility firewalls and ensure they are not accessible from corporate networks or the Internet