Siemens has an upgrade available to mitigate an uncontrolled resource consumption vulnerability in its SINAMICS PERFECT HARMONY GH180 Drives NXG I and NXG II, according to a report with NCCIC.
Successful exploitation of this remotely exploitable vulnerability, which Siemens self-reported, could allow an attacker with access to the Ethernet Modbus Interface to cause a denial-of-service condition exceeding the number of available connections.
The following SINAMICS PERFECT HARMONY GH180 products suffer from the issue:
SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2, 6SR3, 6SR4, all versions with option G28
SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2, 6SR3, 6SR4, all versions with option G28
In the vulnerability, successful exploitation requires no privileges and no user interaction. An attacker with network access to the device could use the vulnerability to compromise availability of the affected system.
CVE-2019-6578 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.
The product sees use in the chemical, energy, food and agriculture, healthcare and public health, transportation systems, and water and wastewater systems sectors. It also sees action on a global basis.
No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.
Siemens recommends affected users upgrade to NXGpro control. Contact Siemens’ customer service to obtain and install the upgrade.
Siemens has identified the following workarounds and mitigations that users can apply:
• Install a protocol bridge that isolates the networks and eliminates direct connections to the Ethernet Modbus Interface
• Apply cell protection concept and implement defense in depth
For more information see Siemens advisory SSA-606525.