OTPulse

Siemens SINAMICS Drives

MonitorCVSS 6.3ICS-CERT ICSA-25-254-03Sep 9, 2025
Siemens
Attack path
Attack VectorLocal
Auth RequiredNone
ComplexityHigh
User InteractionRequired
Summary

Siemens SINAMICS G220, S210, and S200 drives contain a privilege escalation vulnerability in firmware version 6.4. A local user without elevated privileges could escalate to higher privilege levels through user interaction, potentially gaining unauthorized access to modify drive parameters, setpoints, and control settings. This vulnerability requires local access to the drive's engineering interface or control panel and is not remotely exploitable. Attack complexity is high, requiring user interaction to trigger.

What this means
What could happen
A local user without special privileges could escalate to higher privilege levels on the SINAMICS drive, potentially allowing unauthorized changes to motor speed setpoints, operating modes, or parameters that affect plant operations. This requires local access and user interaction to exploit.
Who's at risk
Water utilities and power plants operating Siemens SINAMICS variable frequency drives (G220, S200, S210 models) used to control pump motors, fan systems, and other rotating equipment. Affected installations running firmware version 6.4 prior to the specified hotfixes.
How it could be exploited
An attacker with local access to the drive's engineering interface or control panel would need to trick a user into performing a specific action. Once the user interacts with the malicious input, the attacker's process gains higher privilege levels, allowing modification of drive parameters and control logic.
Prerequisites
  • Local access to the SINAMICS drive console or engineering workstation
  • User interaction required (social engineering or accidental click)
  • No special credentials needed for initial access
Privilege escalation allows unauthorized parameter changesLocal access required but no special credentialsUser interaction / high attack complexitySafety-critical systems (motor control, speed regulation)S200 has no patch available
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (3)
3 with fix
ProductAffected VersionsFix Status
SINAMICS G220 V6.4<V6.4 HF26.4 HF2
SINAMICS S200 V6.4<V6.4 HF76.4 HF7
SINAMICS S210 V6.4<V6.4 HF26.4 HF2
Remediation & Mitigation
0/4
Do now
0/1
HARDENINGRestrict physical and network access to SINAMICS drive engineering interfaces to authorized personnel only
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

SINAMICS G220 V6.4
HOTFIXUpdate SINAMICS G220 V6.4 to hotfix HF2 or later
SINAMICS S210 V6.4
HOTFIXUpdate SINAMICS S210 V6.4 to hotfix HF2 or later
Long-term hardening
0/1
SINAMICS S200 V6.4
HARDENINGFor SINAMICS S200 V6.4, which has no patch available, ensure the drive is located behind a firewall and segregated from untrusted networks until a fix is released
View full CISA ICS-CERT advisory
API: /api/v1/advisories/58512e3a-da65-4511-8289-b13b07bf9a1b

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.

Siemens SINAMICS Drives | CVSS 6.3 - OTPulse