Advisory

Siemens reports critical flaw in SINAMICS S200

Take action: A very underwhelming advisory from Siemens. Their SINAMICS S200 devices have a critical vulnerability, but there is no patch. Instead, you are left with basic hygiene: isolate the SINAMICS S200 devices in a separate network (ideally air-gapped from everything else), and make sure physical access to the devices is also controlled and restricted. Contact Siemens as well; they may have a patch plan that's not public.


Learn More

Siemens has identified a critical security vulnerability affecting all versions of their SINAMICS S200 devices.

The flaw, tracked as CVE-2024-56336 (CVSS score 9.5, Improper Authentication), stems from an unlocked bootloader in the affected devices. This security oversight enables attackers to inject malicious code or install untrusted firmware that could damage or compromise the device.

Affected Products: Siemens SINAMICS S200, all versions

Siemens has not provided a specific patch for this vulnerability. Instead, they recommend the following mitigations:

  1. Follow the general security recommendations and apply defense in depth
  2. Contact local Siemens customer service for further support