OTPulse

Multiple Vulnerabilities in the Integrated SCALANCE S615 of SINAMICS Medium Voltage Products

Priority: Act Now
CVSS: 9.8
Siemens advisory: SSA-942865
Date: Jun 13, 2023
Attack Vector: Network
Authentication Required: None
Complexity: Low
User Interaction: None needed
Summary

SINAMICS PERFECT HARMONY GH180 6SR5 medium voltage drives ship with an integrated SCALANCE S615, a Siemens industrial router/firewall module that provides the drive's network connectivity, and that module is affected by multiple vulnerabilities. The weaknesses include out-of-bounds write (CWE-787), out-of-bounds read (CWE-125), use-after-free (CWE-416), improper authentication (CWE-287), OS command injection (CWE-78), improper certificate validation (CWE-295), and several others. Together they allow an attacker with network access to the module to execute arbitrary code, read sensitive data, or cause a denial of service. Because the S615 handles all network traffic between the drive and the plant network, compromising it compromises the drive's connectivity.

What this means
What could happen
An attacker with network access to the SINAMICS drive could execute arbitrary commands on the integrated SCALANCE S615 module. From there the attacker could isolate the drive from monitoring and control systems, intercept or manipulate communications between the drive and automation controllers, or crash the module so the drive becomes unreachable.
Who's at risk
Operators of Siemens SINAMICS PERFECT HARMONY GH180 6SR5 medium voltage drives are affected. These drives are commonly used in large industrial motor control applications, including pumps, compressors, and fans in water utilities, electric utilities, and manufacturing facilities. Because the vulnerable component is the drive's network interface, any facility that has connected these drives to a network is exposed.
How it could be exploited
An attacker on the network can send specially crafted packets to the SCALANCE S615 (reachable through the Ethernet port of the SINAMICS GH180 drive) to trigger the memory corruption, command injection, or authentication flaws. A successful exploit gives the attacker control of the module, which sits in the path of all network traffic between the drive controller and the plant network.
Prerequisites
  • Network access to the Ethernet port of the SINAMICS GH180 drive or to a network segment connected to the integrated SCALANCE S615
  • No authentication required for exploitation of most vulnerabilities
Tags: remotely exploitable · no authentication required · low complexity · high EPSS score (41.2%) · fix available (SCALANCE S615 V7.2 or later) · affects critical industrial infrastructure
Exploitability
High exploit probability (EPSS 41.2%)
Affected products (1)
Product                              | Affected Versions | Fix Status
SINAMICS PERFECT HARMONY GH180 6SR5  | All versions      | Update integrated SCALANCE S615 to V7.2 or later
Remediation & Mitigation

Do now

HARDENING: Implement network segmentation so that only authorized engineering and monitoring networks can reach the SINAMICS GH180 drive.
HARDENING: Apply firewall rules that block all inbound access to the Ethernet port of the SINAMICS GH180 except from those authorized networks and the protocols they actually need.

Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update the firmware of the integrated SCALANCE S615 to version V7.2 or later.

Long-term hardening

HARDENING: Monitor for exploitation attempts by reviewing firewall and network logs for connections to the drive's network interface from hosts outside the authorized engineering and monitoring networks, whether those connections were allowed or blocked.
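The log-review item above is easiest to operate as a small allow-list check. The following script is an added example for this page and is not Siemens' or OTPulse's code. It assumes a hypothetical flat connection-log export ("timestamp src dst dport proto action" per line), hypothetical addresses for the drive's S615 interface and the authorized networks, and a typical set of S615 management ports (web UI, SSH, SNMP) that should be confirmed against the device configuration. The sample log lines are constructed. The same allow-list is the one the perimeter firewall rules from the "Do now" section should be built from, so a "high" finding (an allowed connection from an unlisted host) indicates a segmentation gap, and a "medium" finding (a blocked connection) indicates a probe worth investigating.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional

# --- Site assumptions (hypothetical values, adjust for the plant) ----------
# Address of the drive's integrated SCALANCE S615 on the plant network.
DRIVE_S615_IP = ipaddress.ip_address("10.20.30.5")
# Networks permitted to reach the drive at all; the perimeter firewall
# allow-rules should be derived from this same list.
ALLOWED_NETWORKS = [
    ipaddress.ip_network("10.20.10.0/24"),  # engineering workstations
    ipaddress.ip_network("10.20.20.0/24"),  # SCADA / monitoring servers
]
# Management services typically exposed by a SCALANCE S615 (assumption;
# verify against the device). Used only to label findings.
MANAGEMENT_PORTS = {22: "ssh", 80: "http", 443: "https", 161: "snmp"}


@dataclass(frozen=True)
class Finding:
    timestamp: str
    src: str
    dport: int
    service: str
    action: str     # firewall verdict as logged: "allow" or "deny"
    severity: str   # "high": unlisted host reached the S615
                    # "medium": attempt was blocked but should be reviewed


def is_authorized(src) -> bool:
    """True if the source address belongs to an allowed network."""
    return any(src in net for net in ALLOWED_NETWORKS)


def parse_line(line: str) -> Optional[tuple]:
    """Parse 'ts src dst dport proto action'; None for blank or malformed lines."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, dst, dport, proto, action = parts
    try:
        return (ts, ipaddress.ip_address(src), ipaddress.ip_address(dst),
                int(dport), proto.lower(), action.lower())
    except ValueError:
        return None


def review_connections(lines: Iterable[str]) -> List[Finding]:
    """One Finding per logged connection to the S615 from an unauthorized host."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, dst, dport, proto, action = rec
        if dst != DRIVE_S615_IP or is_authorized(src):
            continue  # traffic to another host, or from an expected peer
        # Every connection to the S615 from outside the allow-list is reported:
        # an "allow" verdict means the segmentation rule is missing or wrong,
        # a "deny" verdict means someone is probing the drive's network port.
        severity = "high" if action == "allow" else "medium"
        service = MANAGEMENT_PORTS.get(dport, f"{proto}/{dport}")
        findings.append(Finding(ts, str(src), dport, service, action, severity))
    return findings


def unauthorized_sources(findings: List[Finding]) -> dict:
    """Count findings per source address, most active source first."""
    counts = {}
    for f in findings:
        counts[f.src] = counts.get(f.src, 0) + 1
    return dict(sorted(counts.items(), key=lambda kv: -kv[1]))


# Constructed sample export (not real traffic): ts src dst dport proto action
SAMPLE_LOG = """\
2023-06-14T08:01:12Z 10.20.10.15 10.20.30.5 443 tcp allow
2023-06-14T08:02:40Z 10.20.20.7 10.20.30.5 161 udp allow
2023-06-14T08:05:03Z 10.20.50.99 10.20.30.5 22 tcp allow
2023-06-14T08:05:05Z 10.20.50.99 10.20.30.5 443 tcp allow
2023-06-14T08:06:11Z 192.168.77.3 10.20.30.5 80 tcp deny
2023-06-14T08:07:30Z 10.20.10.15 10.20.40.1 443 tcp allow
garbage line that should be skipped
"""

if __name__ == "__main__":
    for f in review_connections(SAMPLE_LOG.splitlines()):
        print(f"{f.severity:6} {f.timestamp} {f.src} -> {f.service} ({f.action})")
    print(unauthorized_sources(review_connections(SAMPLE_LOG.splitlines())))
```

Run against the sample, the two allowed SSH and HTTPS connections from 10.20.50.99 are reported as high severity (that host is not on the allow-list yet reached the drive), the denied HTTP attempt from 192.168.77.3 as medium, and the connections from engineering and SCADA hosts, or to other destinations, are ignored. Feed it the real firewall export and compare the "high" sources against the segmentation rules first.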