Siemens has disclosed a critical security vulnerability affecting specific SINAMICS S200 drive systems that could allow attackers to compromise devices by exploiting an unlocked bootloader.
The vulnerability, tracked as CVE-2024-56336, has received the highest severity ratings, with a CVSS v3.1 score of 9.8 and a CVSS v4.0 score of 9.5.
The security advisory SSA-787280 identifies that all SINAMICS S200 devices with serial numbers beginning with SZVS8, SZVS9, SZVS0, or SZVSN and an FS number of 02 contain an unlocked bootloader that fundamentally undermines the device’s security architecture.
This critical flaw enables attackers to inject malicious code or install untrusted firmware, effectively bypassing the drive’s built-in security protections.
“The affected device contains an unlocked bootloader. This security oversight enables attackers to inject malicious code, or install untrusted firmware,” Siemens stated in their advisory.
“The intrinsic security features designed to protect against data manipulation and unauthorized access are compromised when the bootloader is not secured.”
The vulnerability has been classified under CWE-287 (Improper Authentication), indicating that the bootloader fails to properly authenticate firmware before installation.
Security researchers note that the attack vector is network-based (AV:N) with low attack complexity (AC:L). It requires no special privileges (PR:N) or user interaction (UI:N) to exploit, making it particularly dangerous in industrial environments.
Industrial facilities using the affected drives face potential risks, including unauthorized control of industrial processes, damage to equipment, production disruptions, and data theft.
The vulnerability could serve as an entry point for attackers seeking to compromise broader industrial control networks.
| Risk Factors | Details |
| --- | --- |
| Affected Products | SINAMICS S200 – All versions with serial number beginning with SZVS8, SZVS9, SZVS0 or SZVSN and the FS number is 02 |
| Impact | Complete system compromise |
| Exploit Prerequisites | Network access, No authentication required |
| CVSS 3.1 Score | 9.8 (Critical) |
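
The affected-product criteria above can be checked mechanically against an asset inventory. The following is an added example, not code from Siemens or the advisory; the CSV column names (`asset`, `serial`, `fs`), the way FS values are normalized, and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Criteria as stated in the article for SSA-787280 / CVE-2024-56336.
AFFECTED_PREFIXES = ("SZVS8", "SZVS9", "SZVS0", "SZVSN")
AFFECTED_FS = "02"


def normalize_fs(raw):
    """Return a two-digit FS string, or None if the field is empty or has no digits.

    Assumption: inventories record FS inconsistently ("02", "2", "FS 02").
    """
    digits = "".join(ch for ch in (raw or "") if ch.isdigit())
    return str(int(digits)).zfill(2) if digits else None


def classify(serial, fs_raw):
    """Return 'affected', 'verify' (prefix matches, FS unknown) or 'not_affected'."""
    # Assumption: serials may be typed with spaces, hyphens or in lowercase.
    serial = (serial or "").upper().replace("-", "").replace(" ", "")
    if not serial.startswith(AFFECTED_PREFIXES):
        return "not_affected"
    fs = normalize_fs(fs_raw)
    if fs is None:
        return "verify"  # FS missing: confirm it on the device before ruling it out
    return "affected" if fs == AFFECTED_FS else "not_affected"


def triage(csv_text):
    """Map each asset name to its classification."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["asset"]: classify(row["serial"], row["fs"]) for row in reader}


# Constructed sample inventory (serial numbers are made up).
SAMPLE = """asset,serial,fs
press-line-1,SZVS8A1234567,02
conveyor-3,szvsn0099887,FS 2
packer-2,SZVS9B7654321,03
mixer-1,SZVS0C1112223,
pump-7,SZVT8D0001112,02
"""

if __name__ == "__main__":
    for asset, status in triage(SAMPLE).items():
        print(f"{asset}: {status}")
```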
Despite the high severity rating, Siemens has not yet released a firmware update to address the vulnerability.
Instead, the company recommends customers implement defense-in-depth security measures and follow Siemens’ operational guidelines for Industrial Security.
Organizations operating the affected SINAMICS S200 drives should immediately:
The Exploit Prediction Scoring System (EPSS) currently rates this vulnerability with a probability score of 0.09% (41.3 percentile), suggesting that while exploitation is possible, widespread attacks have not yet been observed.
Industrial cybersecurity experts recommend that organizations prioritize addressing this vulnerability, as compromised drive systems could have significant operational and safety implications in manufacturing, energy, and infrastructure sectors where these devices are commonly deployed.