Full Report
Siemens SINAMICS G220, SINAMICS S210, and SINAMICS S200 contain a privilege escalation vulnerability that could allow users to escalate their privileges. Siemens has released new versions for several affected products and recommends updating to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet, available.
Analysis Summary
# Vulnerability: Privilege Escalation in Siemens SINAMICS Drives
## CVE Details
- CVE ID: CVE-2025-40594
- CVSS Score: 6.3 (CVSS v3.1) / 6.9 (CVSS v4.0) (Medium)
- CWE: CWE-269: Improper Privilege Management
## Affected Systems
- Products: Siemens SINAMICS G220, SINAMICS S210, SINAMICS S200
- Versions:
  - SINAMICS G220: All versions < V6.4 HF2
  - SINAMICS S210: All versions < V6.4 HF2
  - SINAMICS S200: All versions (no version boundary is listed, implying all current versions are affected)
- Configurations: The specific configuration conditions needed for exploitation are not fully detailed, but the vulnerability stems from improper privilege management that allows privileges from a previous session to remain usable after that session has ended.
## Vulnerability Description
The vulnerability resides in improper privilege management within the affected SINAMICS devices. This flaw allows an unauthenticated attacker to execute a factory reset without the required privileges and also permits manipulation of configuration data due to privileges being leaked from previous sessions. Successful exploitation can lead to an unauthorized privilege escalation.
## Exploitation
- Status: Not specified if exploited in the wild. PoC availability is not mentioned.
- Complexity: The CVSS v3.1 vector (AV:L/AC:H/PR:N/UI:R) indicates that an attack requires local access (AV:L), has high attack complexity (AC:H), needs no privileges before execution (PR:N), and requires user interaction (UI:R).
- Attack Vector: Local (AV:L)
## Impact
- Confidentiality: None (C:N in the v3.1 vector); no confidentiality impact is disclosed.
- Integrity: High (I:H), due to potential manipulation of configuration data and unauthorized factory reset.
- Availability: Low (A:L), due to the potential disruption caused by a factory reset.
## Remediation
### Patches
- **SINAMICS G220**: Update to V6.4 HF2 or later version.
- **SINAMICS S210**: Update to V6.4 HF2 or later version.
- **SINAMICS S200**: Currently no fix is available. Siemens is preparing further fix versions.
### Workarounds
For products where fixes are not yet available (e.g., SINAMICS S200), Siemens recommends implementing countermeasures in line with its general security recommendations:
1. Protect network access to the devices with appropriate mechanisms.
2. Configure the operational environment according to Siemens' operational guidelines for Industrial Security.
3. Follow recommendations in the product manuals.
## Detection
- **Indicators of Compromise**: Not explicitly detailed, but potential signs include unauthorized factory resets or unexpected configuration changes following local access to the device.
- **Detection methods and tools**: No specific IoCs or tools are provided; detection relies on endpoint and network monitoring that follows the industrial security guidelines referenced below.
## References
- Siemens Advisory: SSA-027652
- Siemens Support Links (for patches):
  - G220/S210 Patch Information: hxxps://support.industry.siemens.com/cs/ww/en/view/109983183/
  - S210 Patch Information: hxxps://support.industry.siemens.com/cs/ww/en/view/109978915/
- Siemens Operational Guidelines: hxxps://www.siemens.com/cert/operational-guidelines-industrial-security
- Siemens Industrial Security Portal: hxxps://www.siemens.com/industrialsecurity