PT-2019-2101 · Siemens · Sinamics Perfect Harmony Gh180

Published: 2019-05-14 · Updated: 2020-10-06 · CVE-2019-6578

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions

SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G28)
SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G28)

Description

A denial of service issue exists in the affected products, which could be exploited by an attacker with network access to the device. The vulnerability is related to insufficient input validation in the SINAMICS PERFECT HARMONY GH180 driver software. Successful exploitation requires no privileges and no user interaction, allowing an attacker to compromise the availability of the affected system. At the time of advisory publication, no public exploitation of this security issue was known.

Recommendations

For SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G28), consider restricting network access to the device until a fix is available.
For SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G28), consider restricting network access to the device until a fix is available.
At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

RCE

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2019-01857
CVE-2019-6578

Affected Products

Sinamics Perfect Harmony Gh180