OTPulse

Siemens SINAMICS Medium Voltage Products

Priority: Act Now
CVSS: 9.8
Source: ICS-CERT ICSA-23-166-12
Published: Jun 13, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

SINAMICS PERFECT HARMONY GH180 6SR5 medium voltage drive contains multiple vulnerabilities in its integrated SCALANCE S615 network device. The vulnerabilities include out-of-bounds write and read (CWE-787, CWE-125), use-after-free (CWE-416), improper authentication (CWE-287), OS command injection (CWE-78), improper certificate validation (CWE-295), and other issues affecting the device's firmware. These vulnerabilities are remotely exploitable with low attack complexity and no authentication required.

What this means
What could happen
An attacker with network access to the drive's Ethernet port or integrated network interface could execute arbitrary code on the SCALANCE S615 device, potentially allowing remote control of drive parameters, process setpoints, or shutdown of the motor drive itself, disrupting production operations.
Who's at risk
Operators of Siemens SINAMICS PERFECT HARMONY GH180 medium voltage drives (6SR5 models) used in industrial plants for motor control, especially those in power generation, oil and gas, water/wastewater, mining, and chemical processing sectors. Any facility relying on these drives for critical process control should prioritize assessment.
How it could be exploited
An attacker on the network sends crafted packets to the Ethernet port of the SINAMICS drive or to the integrated SCALANCE S615 network device. The vulnerabilities in the SCALANCE firmware allow the attacker to bypass authentication, trigger a buffer overflow or use-after-free condition, and execute arbitrary commands on the integrated network module, which has full control over the drive's operation.
Prerequisites
  • Network connectivity to the Ethernet port on the SINAMICS drive (front panel) or to the integrated SCALANCE S615 device
  • No valid credentials required
  • Low complexity attack (straightforward packet crafting)
  • Remotely exploitable
  • No authentication required
  • Low attack complexity
  • Critical CVSS (9.8)
  • High EPSS score (41.2%)
  • Affects medium voltage equipment with potential to disrupt large motors and heavy industrial processes
  • No patch currently available for SINAMICS GH180 6SR5 (firmware fix available only for the integrated SCALANCE device)
Exploitability
High exploit probability (EPSS 41.2%)
Affected products (1)
Product: SINAMICS PERFECT HARMONY GH180 6SR5
Affected Versions: All versions
Fix Status: V7.2 (for integrated SCALANCE S615 firmware)
Remediation & Mitigation
Do now
  • HARDENING: Restrict physical access to the affected drives, including their Ethernet port on the front control door
  • WORKAROUND: Disconnect any direct network connection to the integrated SCALANCE S615 device
  • HARDENING: Ensure the SINAMICS drive is not directly accessible from the Internet
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Update firmware of the integrated SCALANCE S615 device to version V7.2 or later
Long-term hardening
  • HARDENING: Implement network segmentation: locate the control system behind a firewall and isolate it from the business network