Siemens Sinamics Perfect Harmony GH180 Fieldbus Network Vulnerability

A high-severity vulnerability has been identified in the Siemens Sinamics Perfect Harmony GH180 Fieldbus Network. The flaw is remotely exploitable, requires a low level of skill to exploit, and requires no privileges or user interaction.

The flaw is present in the following medium voltage converters:

Siemens Sinamics Perfect Harmony GH180 with NXG I control and GH180 with NXG II control (MLFBs: 6SR2. . . -, 6SR3. . . -, 6SR4. . . -). The flaw affects all versions with option G21, G22, G23, G26, G28, G31, G32, G38, G43 or G46.

The flaw concerns improper input validation and could be exploited to trigger a denial-of-service condition by sending specially crafted packets to the device, causing the device to restart, which would compromise the availability of the affected system. Network access to the device would be required to exploit the vulnerability.

The vulnerability – CVE-2019-6574 – has been assigned a CVSSv3 base score of 7.5 out of 10.

To correct the flaw, users should upgrade to NXGpro control. If the upgrade is not possible, the following workaround has been suggested:

Disable the fieldbus parameter read/write functionality

Apply cell protection concept and implement defense in depth

Siemens Sinamics Perfect Harmony GH180 Drives NXG I and NXG II Vulnerability

A high-severity vulnerability has been identified in Siemens Sinamics Perfect Harmony GH180 Drives (NXG I and NXG II). The flaw is remotely exploitable, requires a low level of skill to exploit, and requires no privileges or user interaction.

If exploited, an individual with access to the Ethernet Modbus Interface could trigger a denial-of-service condition by exceeding the number of available connections, compromising the availability of the affected system.

The vulnerability is present in all versions of GH180 with NXG I control and GH180 with NXG II control (MLFBs: 6SR2. . . -, 6SR3. . . -, 6SR4. . . -).

The vulnerability – CVE-2019-6578 – has been assigned a CVSSv3 base score of 7.5 out of 10.

To correct the flaw, users should upgrade to NXGpro control. If the upgrade is not possible, the following workaround has been suggested:

Install a protocol bridge that isolates the networks and eliminates direct connections to the Ethernet Modbus Interface.

Apply cell protection concept and implement defense in depth.
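The following is an added example, not from Siemens or the original page, of checking both workarounds against connection logs. It flags any source other than the protocol bridge that reaches a drive's Modbus/TCP port, and any drive whose concurrent connection count passes a threshold. The log format, addresses, bridge IP and threshold are constructed assumptions; the page does not state the device's connection limit.

```python
from collections import defaultdict

MODBUS_PORT = 502        # standard Modbus/TCP port
BRIDGE_IP = "10.0.9.2"   # assumed address of the protocol bridge
MAX_OPEN = 3             # assumed alert threshold, not the device's real limit

# Constructed connection events: time, OPEN/CLOSE, source, destination
SAMPLE_LOG = """\
10:00:01 OPEN 10.0.9.2:40001 10.0.9.10:502
10:00:02 OPEN 10.0.5.77:51000 10.0.9.10:502
10:00:02 OPEN 10.0.5.77:51001 10.0.9.10:502
10:00:03 OPEN 10.0.5.77:51002 10.0.9.10:502
10:00:03 OPEN 10.0.5.77:51003 10.0.9.10:80
10:00:09 CLOSE 10.0.5.77:51000 10.0.9.10:502
10:00:10 OPEN 10.0.9.2:40002 10.0.9.11:502
"""

def audit(log_text, bridge_ip=BRIDGE_IP, max_open=MAX_OPEN):
    """Return (direct, floods): sources that bypass the bridge, and drives
    whose concurrent Modbus connection count exceeded max_open."""
    open_conns = defaultdict(set)  # drive IP -> open "src_ip:src_port" endpoints
    direct = set()                 # (source IP, drive IP) pairs not via the bridge
    floods = {}                    # drive IP -> (peak count, time the peak was reached)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[1] not in ("OPEN", "CLOSE"):
            continue               # skip malformed lines
        ts, event, src, dst = parts
        dst_ip, _, dst_port = dst.rpartition(":")
        if dst_port != str(MODBUS_PORT):
            continue               # only the Modbus interface is of interest
        if event == "CLOSE":
            open_conns[dst_ip].discard(src)
            continue
        src_ip = src.rpartition(":")[0]
        if src_ip != bridge_ip:
            direct.add((src_ip, dst_ip))
        open_conns[dst_ip].add(src)
        count = len(open_conns[dst_ip])
        if count > max_open and count > floods.get(dst_ip, (0, ""))[0]:
            floods[dst_ip] = (count, ts)
    return direct, floods

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

With the bridge in place, the `direct` set should stay empty; any entry means a host still has a direct path to the Ethernet Modbus Interface.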

AFFECTED PRODUCTS

Siemens has determined this vulnerability applies to the following medium voltage converters:

SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2. . . -, 6SR3. . . -, 6SR4. . . -: All versions with option G21, G22, G23, G26, G28, G31, G32, G38, G43 or G46

SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2. . . -, 6SR3. . . -, 6SR4. . . -: All versions with option G21, G22, G23, G26, G28, G31, G32, G38, G43 or G46

