Siemens SINAMICS Medium Voltage Products

​​As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services ...

Authentication flaw

The Telnet service of the SIMATIC HMI Comfort Panels system component in affected products does not require authentication, which may allow a remote attacker to gain access to the device if the service is enabled. Telnet is disabled by default on the SINAMICS Medium Voltage Products SINAMICS SL15...

Siemens SINAMICS SL150 Input Validation Error Vulnerability

Siemens SINAMICS SL150 is an application program of Siemens, Germany. Cyclic frequency converter for high-torque slow-speed synchronous and induction motors. An input validation error vulnerability exists in the SINAMICS SL150, which can be exploited by an attacker to cause a denial-of-service...

Design/Logic Flaw

SINAMICS medium voltage routable products are affected by a vulnerability in the Sm@rtServer component for remote access that could allow an unauthenticated attacker to cause a denial-of-service condition, and/or execution of limited configuration modifications and/or execution of limited control...

Siemens SINAMICS SL150 访问控制错误漏洞

Siemens SINAMICS SL150 is an application program of Siemens, Germany. Cyclic frequency converter for high-torque slow-speed synchronous and induction motors. An access control error vulnerability exists in multiple Siemens devices. The vulnerability stems from a system component's Telnet service...

CVE-2020-15798

A vulnerability has been identified in SIMATIC HMI Comfort Panels incl. SIPLUS variants All versions V16 Update 3a, SIMATIC HMI KTP Mobile Panels All versions V16 Update 3a, SINAMICS GH150 All versions, SINAMICS GL150 with option X30 All versions, SINAMICS GM150 with option X30 All versions,...