SIEMENS-SSA-434535 · Published 2021-09-14 · View on Siemens ProductCERT ↗

SSA-434535 V1.1 (Last Update: 2021-09-14): Memory Protection Bypass Vulnerability in SINAMICS PERFECT HARMONY GH180 Drives

CVSS N/A MEDIUM

Risk Summary

<p>Several models of SINAMICS PERFECT HARMONY GH180 Drives are affected by a memory protection bypass vulnerability in the integrated S7-1500 or S7-1200 CPU that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks on the CPU.</p> <p>Siemens provides new drives with the fix included and recommends specific countermeasures for older drives. The list of affected drive models can be found in the section “Additional Information”.</p>

Remediations

Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Siemens

Affected Products (1)

Siemens · SSA-434535 V1.1 (Last Update: 2021-09-14): Memory Protection Bypass Vulnerability in SINAMICS PERFECT HARMONY GH180 Drives See advisory

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more