OTPulse

Siemens SINAMICS PERFECT HARMONY GH180 (Update A)

Plan Patch · CVSS 8.1 · ICS-CERT ICSA-21-194-13 · Jul 13, 2021
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

SINAMICS PERFECT HARMONY GH180 drives and certain 6SR4/6SR5 models with W41 cooling option and X30 air-to-air heat exchanger manufactured before August 13, 2021 are vulnerable to arbitrary code execution due to a memory corruption flaw (CWE-119). An attacker with network access can exploit this without credentials to gain full control of the drive and motor operation. No firmware patch has been released; the affected hardware reaches end-of-support status.

What this means
What could happen
An attacker could execute arbitrary code on the drive controller, allowing them to modify motor speeds, alter process setpoints, or stop operations entirely. This could damage equipment or disrupt critical processes like pumping or compression.
Who's at risk
Water utilities and municipal electric operators running SINAMICS PERFECT HARMONY GH180 drive systems or 6SR4/6SR5 models with the specified cooling option (W41 with X30 air-to-air heat exchanger). These are commonly used in large pump and compressor motors. Any facility with drives manufactured before August 2021 with these configurations is affected.
How it could be exploited
An attacker with network access to the affected drive sends a specially crafted packet that exploits a buffer overflow or memory corruption flaw in the drive's firmware. The malicious payload executes code with drive-level privileges, enabling full control over motor operation and parameters.
Prerequisites
  • Network access to the drive on the industrial network
  • No credentials required
  • Drive must be manufactured before August 13, 2021
  • Drive must have the specified cooling option (W41 with X30 air-to-air heat exchanger for the models listed)
  • Remotely exploitable
  • No authentication required
  • No patch available from vendor
  • Affects critical equipment control
  • Buffer overflow vulnerability (memory corruption)
  • CVSS 8.1 (high severity)
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (3): 2 pending, 1 EOL

Product: SINAMICS PERFECT HARMONY model 6SR4: with option W41 with X30 air to air hex
Affected Versions: W41 with X30 air - air hex
Fix Status: No fix yet

Product: SINAMICS PERFECT HARMONY model 6SR5: with options A84 A85 E06 W41 with X30 air to air hex
Affected Versions: A84 | A85 E06 W41 with X30 air - air hex
Fix Status: No fix yet

Product: SINAMICS PERFECT HARMONY GH180 Drives: manufactured before 2021-8-13
Affected Versions: < 2021-8-13
Fix Status: No fix (EOL)
Remediation & Mitigation
Do now
  • WORKAROUND: Isolate affected drives from untrusted network segments using firewalls or network segmentation; restrict access to engineering workstations and HMI systems only
  • HARDENING: Monitor network traffic to the drives for anomalous commands or unusual connection patterns
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HARDENING: Review and enforce Siemens operational security guidelines in your facility, including device hardening and secure network configuration per product manual
Long-term hardening
  • HOTFIX: Contact Siemens directly to determine if replacement or hardware upgrade options exist, as no firmware patch is available
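The two "Do now" items (restrict drive access to engineering workstations and HMI systems, and watch for unusual connection patterns) can be verified against flow records. The script below is an added example, not part of the advisory or of any Siemens tooling; the addresses, port numbers, CSV flow format and function names are all constructed assumptions.

```python
import csv
import io
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumed site inventory (constructed values; replace with your own).
DRIVES = {ip_address("10.20.30.11"), ip_address("10.20.30.12")}
ALLOWED_PEERS = [ip_network("10.20.10.0/28"),   # engineering workstations
                 ip_network("10.20.20.5/32")]   # HMI

# Constructed flow export: timestamp,src,dst,dst_port,bytes
# Ports are arbitrary sample values, not a statement about the drive's services.
SAMPLE_FLOWS = """\
2021-07-14T08:00:01,10.20.10.3,10.20.30.11,102,840
2021-07-14T08:00:09,10.20.20.5,10.20.30.12,502,120
2021-07-14T08:03:44,192.168.50.77,10.20.30.11,502,65000
2021-07-14T08:03:45,192.168.50.77,10.20.30.11,502,65000
2021-07-14T08:05:10,10.20.30.12,203.0.113.9,443,300
2021-07-14T08:06:00,10.20.10.3,10.20.40.8,22,90
"""

def is_allowed(addr):
    """True if addr belongs to an approved workstation/HMI range."""
    return any(addr in net for net in ALLOWED_PEERS)

def audit_flows(text):
    """Count drive flows whose other endpoint is outside the allowlist."""
    findings = Counter()
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 5:          # skip blank or malformed records
            continue
        _ts, src, dst, port, _size = row
        src, dst = ip_address(src), ip_address(dst)
        if dst in DRIVES and not is_allowed(src):
            # Segmentation gap: an unapproved host reached a drive.
            findings[("inbound", str(src), str(dst), int(port))] += 1
        elif src in DRIVES and not is_allowed(dst):
            # A drive initiating traffic to an unapproved host is unusual.
            findings[("outbound", str(src), str(dst), int(port))] += 1
    return findings

if __name__ == "__main__":
    for (direction, src, dst, port), n in audit_flows(SAMPLE_FLOWS).items():
        print(f"{direction}: {src} -> {dst}:{port} ({n} flows)")
```

Any finding means either the firewall rules do not yet enforce the isolation described above or the allowlist is missing a legitimate peer; both are worth resolving before relying on segmentation as the only control.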