Siemens SINAMICS S200 Bootloader Vulnerability Let Attackers Compromise the Device
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
Siemens has disclosed a critical security vulnerability affecting specific SINAMICS S200 drive systems that could allow attackers to compromise devices by exploiting an unlocked bootloader.
The vulnerability, tracked as CVE-2024-56336 and has received the highest severity ratings with a CVSS v3.1 score of 9.8 and CVSS v4.0 score of 9.5.
The security advisory SSA-787280 identifies that all SINAMICS S200 devices with serial numbers beginning with SZVS8, SZVS9, SZVS0, or SZVSN and an FS number of 02 contain an unlocked bootloader that fundamentally undermines the device’s security architecture.
This critical flaw enables attackers to inject malicious code or install untrusted firmware, effectively bypassing the drive’s built-in security protections.
“The affected device contains an unlocked bootloader. This security oversight enables attackers to inject malicious code, or install untrusted firmware”, Siemens stated in their advisory
“The intrinsic security features designed to protect against data manipulation and unauthorized access are compromised when the bootloader is not secured.”
Siemens SINAMICS S200 Bootloader Vulnerability
The vulnerability has been classified under CWE-287 (Improper Authentication), indicating that the bootloader fails to authenticate firmware before installation properly.
Security researchers note that the attack vector is network-based (AV:N) with low attack complexity (AC:L). It requires no special privileges (PR:N) or user interaction (UI:N) to exploit, making it particularly dangerous in industrial environments.
Industrial facilities using the affected drives face potential risks, including unauthorized control of industrial processes, damage to equipment, production disruptions, and data theft.
The vulnerability could serve as an entry point for attackers seeking to compromise broader industrial control networks.
Risk Factors Details Affected ProductsSINAMICS S200 – All versions with serial number beginning with SZVS8, SZVS9, SZVS0 or SZVSN and the FS number is 02ImpactComplete system compromiseExploit PrerequisitesNetwork access, No authentication requiredCVSS 3.1 Score9.8 (Critical)
Despite the high severity rating, Siemens has not yet released a firmware update to address the vulnerability.
Instead, the company recommends customers implement defense-in-depth security measures and follow Siemens’ operational guidelines for Industrial Security.
Recommendations
Organizations operating the affected SINAMICS S200 drives should immediately:
The Exploit Prediction Scoring System (EPSS) currently rates this vulnerability with a probability score of 0.09% (41.3 percentile), suggesting that while exploitation is possible, widespread attacks have not yet been observed.
Industrial cybersecurity experts recommend that organizations prioritize addressing this vulnerability, as compromised drive systems could have significant operational and safety implications in manufacturing, energy, and infrastructure sectors where these devices are commonly deployed.
#Cyber_Security #Cyber_Security_News #Vulnerability
Оригинальная версия на сайте:
Siemens SINAMICS S200 Bootloader Vulnerability Let Attackers Compromise the Device
Author: KaaviyaSiemens has disclosed a critical security vulnerability affecting specific SINAMICS S200 drive systems that could allow attackers to compromise devices by exploiting an unlocked bootloader.
The vulnerability, tracked as CVE-2024-56336 and has received the highest severity ratings with a CVSS v3.1 score of 9.8 and CVSS v4.0 score of 9.5.
The security advisory SSA-787280 identifies that all SINAMICS S200 devices with serial numbers beginning with SZVS8, SZVS9, SZVS0, or SZVSN and an FS number of 02 contain an unlocked bootloader that fundamentally undermines the device’s security architecture.
This critical flaw enables attackers to inject malicious code or install untrusted firmware, effectively bypassing the drive’s built-in security protections.
“The affected device contains an unlocked bootloader. This security oversight enables attackers to inject malicious code, or install untrusted firmware”, Siemens stated in their advisory
“The intrinsic security features designed to protect against data manipulation and unauthorized access are compromised when the bootloader is not secured.”
Siemens SINAMICS S200 Bootloader Vulnerability
The vulnerability has been classified under CWE-287 (Improper Authentication), indicating that the bootloader fails to authenticate firmware before installation properly.
Security researchers note that the attack vector is network-based (AV:N) with low attack complexity (AC:L). It requires no special privileges (PR:N) or user interaction (UI:N) to exploit, making it particularly dangerous in industrial environments.
Industrial facilities using the affected drives face potential risks, including unauthorized control of industrial processes, damage to equipment, production disruptions, and data theft.
The vulnerability could serve as an entry point for attackers seeking to compromise broader industrial control networks.
Risk Factors Details Affected ProductsSINAMICS S200 – All versions with serial number beginning with SZVS8, SZVS9, SZVS0 or SZVSN and the FS number is 02ImpactComplete system compromiseExploit PrerequisitesNetwork access, No authentication requiredCVSS 3.1 Score9.8 (Critical)
Despite the high severity rating, Siemens has not yet released a firmware update to address the vulnerability.
Instead, the company recommends customers implement defense-in-depth security measures and follow Siemens’ operational guidelines for Industrial Security.
Recommendations
Organizations operating the affected SINAMICS S200 drives should immediately:
- Identify all devices with the specified serial numbers
- Isolate vulnerable systems from public networks
- Implement strict network segmentation
- Monitor for unauthorized access attempts
- Contact Siemens customer service for further support
The Exploit Prediction Scoring System (EPSS) currently rates this vulnerability with a probability score of 0.09% (41.3 percentile), suggesting that while exploitation is possible, widespread attacks have not yet been observed.
Industrial cybersecurity experts recommend that organizations prioritize addressing this vulnerability, as compromised drive systems could have significant operational and safety implications in manufacturing, energy, and infrastructure sectors where these devices are commonly deployed.
#Cyber_Security #Cyber_Security_News #Vulnerability
Оригинальная версия на сайте:
