PT-2019-2109 · Siemens · Sinamics Perfect Harmony Gh180
Published: 2019-05-14 · Updated: 2020-10-06 · CVE-2019-6574
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G21, G22, G23, G26, G28, G31, G32, G38, G43 or G46)
SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G21, G22, G23, G26, G28, G31, G32, G38, G43 or G46)
Description
The issue is related to improperly configured Parameter Read/Write execution via the Field bus network, which may cause the controller to restart. An attacker with network access to the device could exploit this to compromise the availability of the affected system. Successful exploitation requires no privileges and no user interaction. At the time of advisory publication, no public exploitation of this security issue was known.
Recommendations
For SINAMICS PERFECT HARMONY GH180 with NXG I control, consider restricting access to the Field bus network to minimize the risk of exploitation.
For SINAMICS PERFECT HARMONY GH180 with NXG II control, consider restricting access to the Field bus network to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this issue.
Fix
RCE
Information Disclosure
Related Identifiers
Affected Products
Sinamics Perfect Harmony Gh180