SIEMENS-SSA-910883
·
Published 2022-07-12
·
View on Siemens ProductCERT ↗
SSA-910883 V1.0: DHCP Client Vulnerability in SINAMICS PERFECT HARMONY GH180 Drives
CVSS 9.8
CRITICAL
Risk Summary
<p> Several models of SINAMICS PERFECT HARMONY GH180 Drives are affected by a DHCP client vulnerability (CVE-2021-29998) in the integrated SCALANCE X206-1 device. The vulnerability could allow an attacker to cause a heap-based buffer overflow on that device and use it to get access to the drive’s internal network. </p> <p> The list of affected drive models can be found in the section “Additional Information” below. </p> <p> Recently manufactured drives are no longer affected. For older drives, Siemens provides detailed remediation advise via customer support. </p>
CVEs (1)
Remediations
- Refer to Siemens ProductCERT advisory for patch and remediation guidance.
Affected Vendors
Siemens
Affected Products (1)
Siemens
·
SSA-910883 V1.0: DHCP Client Vulnerability in SINAMICS PERFECT HARMONY GH180 Drives
See advisory
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more