Developers: | Siemens AG |
Branches: | Information Technology |
Technology: | APCS |
Sinamics is a family of frequency converters manufactured by Siemens. The devices are designed to control the performance of certain sections of electrical systems and make it possible to increase the energy efficiency of production processes.
Here are some of the converter models in this family:
- Sinamics V20. Compact frequency converters up to 30 kW. They can be used with asynchronous motors, which are not subject to increased requirements for accurate speed maintenance.
- Sinamics G120. Modular drive system comprising power and control modules. They are used in pumps, ventilation equipment, compressors, and are widely in demand in mechanical engineering.
- Sinamics G120X. Frequency converters optimized for infrastructure and industrial water supply and disposal systems. Suitable for pumps and fans in building automation systems.
- Sinamics G130. A wide range of additional components allows you to create configurations for almost any application. Mainly in demand for ventilation systems, pumps, mixers, extruders.
- Sinamics G150. It has a cabinet version. All main components and auxiliary units are compactly located in a specially designed cabinet. It is in demand for the processes of transportation, pumping and injection of liquids and gases.
- Sinamics S110/S120. It is used in cyclic and continuous processes, which are subject to increased requirements for the quality of frequency conversion. The devices are effective when used in thermoplastic machines, extruders, lifting and transport equipment, rolling mills, and metalworking equipment.
- Sinamics DC, Sinamics DCM. These are new-generation DC drives. Designed for use in standard and harsh conditions across a wide temperature range. Can be integrated into any automated system.
History
2025: A dangerous vulnerability found in popular Siemens controllers that does not have a fix
In mid-March, FSTEC published a warning about the discovery of a vulnerability, BDU:2025-02718[1], which is present in the bootloader of the SINAMICS S200 servo drive manufactured by Siemens. It received a severity rating of 9.8 out of 10 under the CVSS method, and so far the developer has released no fixes.
The vulnerability stems from shortcomings in the authentication procedure and was discovered in versions of devices whose serial numbers begin with SZVS8, SZVS9, SZVS0 or SZVSN, as well as in FS-02 numbers. Vulnerable devices contain an unprotected bootloader; tampering with it allows an attacker to execute untrusted code and even install their own software on the vulnerable device. Built-in security features designed to protect against data manipulation and unauthorized access are compromised when an unprotected bootloader is used.
"SINAMICS S200 is a frequency-controlled servo motor manufactured by Siemens," the Reksoft press service said, explaining the purpose of the devices in this series. "Most often it is used in CNC machines and robots. As a rule, such units are not connected directly to the common network and to the Internet. Most often, they have a higher controller, which serves as an additional layer of information security. And the recommended compensation measures allow you to fully compensate for the potential risk from this vulnerability."
True, no fixes for BDU:2025-02718 have been released yet, so the only protection is compensating measures that restrict the interaction of vulnerable devices with untrusted networks. These devices were at one time quite popular with Russian companies, so some of them remain in enterprises' technological networks.
"Siemens' SINAMICS S200 controllers are industrial automation workhorses," Anatoly Peskovsky, head of security analysis at Informzaschita, told TAdviser. "They are actively used in industry, including Russian enterprises. These devices are in demand in such areas as mechanical engineering, power and automation of production processes due to their reliability and high performance. The SINAMICS S200 bootloader is designed with a focus on functionality rather than protection. Their popularity is due to the high degree of integration with the Siemens ecosystem (for example, TIA Portal software), support for industrial standards (PROFINET) and a long life cycle."
Ekaterina Gerling, a leading analyst engineer at Gazinformservice, noted that the SINAMICS S200 series of devices was previously installed at CII facilities. Although the process of replacing them with domestic analogues has been launched, it has not yet been completed, so they may still be installed at some facilities.
"SINAMICS S200 ensures the correct operation of engines and motors used at large industrial facilities," she said, explaining the danger of the vulnerability for Russian enterprises. "Exploitation of the BDU:2025-02718 vulnerability can lead to malfunction of pump motors pumping flammable liquids, which can lead to engine overheating and further explosion. Of the less serious consequences: improper operation of this controller can cause overloading of the power supply."
These devices sit at the lowest technological level of the APCS infrastructure, so their protection must be managed together with the protection tools of the higher levels.
"SINAMICS is a local series of Siemens controllers for controlling specific drives," Damir Strazutdinov, software engineer at Innostage, explained to TAdviser. "Most often they are connected to other Siemens PLCs that are already connected to the network. Therefore, in order to prevent the exploitation of the vulnerability found, including using a firewall, it is worth considering these devices in conjunction."
In this case, protection is also needed against an attacker, including an engineer from a service company, connecting to the device directly and tampering with its protection. That is, tools are needed to preserve the integrity of the automated control system.
"An attacker can gain control over equipment, which in industrial conditions can lead to wide negative consequences," Kai Mikhailov, head of information security at iTProtect, warned TAdviser readers. "The main risk of intruder penetration in this case is a violation of the closure of the industrial network. Some contractors deliberately leave feedback channels in the form of additional adapters to bypass restrictions and access the network for ease of administration, thereby connecting the closed segment to public networks."
Therefore, even for closed segments, it is necessary to provide methods for identifying such alternative data channels, since they can be used to exploit vulnerabilities like BDU:2025-02718.
"The vulnerability can be used for mass attacks when controllers access the network," said Valery Stepanov, acting Director of the Competence Center for Information Security of T1 Integration. "However, to successfully carry out such an attack, an attacker will need the skills and resources necessary to automate the process and target organizations using these controllers."
Therefore, it is important to prevent an attacker from communicating with devices directly. To block the massive exploitation of this vulnerability, you can, for example, use segmentation of communication networks used for the interaction of field devices. Sergey Petrov, Head of Industrial Safety Expertise at Positive Technologies, recommended the following to TAdviser readers:
"To protect vulnerable devices, it is enough to follow the recommendations of the vendor and FSTEC, namely: use firewall tools to limit the possibility of remote access to devices; restrict access from external networks (Internet); segment networks to restrict access to the vulnerable device. In addition, it is important to use continuous traffic analysis systems."
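The segmentation and traffic-analysis recommendations above can be checked against an asset inventory, as in the following added example (not from the vendor, FSTEC or the quoted experts). The inventory rows, flow records, addresses, ports and the `review_flows` helper are constructed for illustration, and the code assumes a device is flagged on either a listed serial prefix or FS number 02.

```python
import ipaddress

# Serial prefixes named in the BDU:2025-02718 description on this page.
AFFECTED_PREFIXES = ("SZVS8", "SZVS9", "SZVS0", "SZVSN")

# Constructed inventory and flow records (time, source, destination, port).
INVENTORY = [
    {"ip": "10.20.1.11", "serial": "SZVS8-EXAMPLE-1", "fs": "01"},
    {"ip": "10.20.1.12", "serial": "SZVX1-EXAMPLE-2", "fs": "02"},
    {"ip": "10.20.1.13", "serial": "SZVX1-EXAMPLE-3", "fs": "03"},
]
FLOWS = """\
2025-03-20T08:00:01 10.20.1.2 10.20.1.11 443
2025-03-20T08:03:44 10.20.1.77 10.20.1.11 80
2025-03-20T08:05:10 192.0.2.50 10.20.1.12 443
2025-03-20T08:06:00 192.0.2.50 10.20.1.13 443
"""

def is_affected(serial, fs):
    # Assumption: flag on either condition (conservative reading of the text).
    return serial.upper().startswith(AFFECTED_PREFIXES) or fs.strip() == "02"

def review_flows(flow_text, inventory, segment, approved_peers):
    """Return flows reaching an affected drive from a non-approved source."""
    targets = {d["ip"]: d["serial"] for d in inventory
               if is_affected(d["serial"], d["fs"])}
    seg = ipaddress.ip_network(segment)
    peers = {ipaddress.ip_address(p) for p in approved_peers}
    findings = []
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[2] not in targets:
            continue  # malformed record, or destination is not an affected drive
        ts, src, dst, port = fields
        src_ip = ipaddress.ip_address(src)
        if src_ip in peers:
            continue  # expected traffic from the supervising controller
        # Inside the segment but unapproved: possible extra adapter or rogue host.
        reason = "unapproved-peer" if src_ip in seg else "outside-segment"
        findings.append((ts, src, dst, int(port), targets[dst], reason))
    return findings

if __name__ == "__main__":
    for finding in review_flows(FLOWS, INVENTORY, "10.20.1.0/24", ["10.20.1.2"]):
        print(finding)
```

An "outside-segment" finding means the firewall or segmentation rule is not holding; an "unapproved-peer" finding points to a host inside the closed segment that is not the supervising controller.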
Since there are no fixes for the vulnerability, one of the protection options is the transition to domestic devices for automating technological processes.
"SINAMICS S200 are widely used in automatic parameter control systems in various industries: oil and gas, energy, robotics, for creating high-precision machines and transport and unloading mechanisms and other directions," Igor Korchagin, head of the information security department of IVK, said, commenting on the situation with vulnerable devices. "A number of Russian companies are already producing PLCs for their own servo drives. These are, for example, devices from Prosoft-Systems, Relay and Automation, ARIES-Ufa, KEAZ, NVP Bolid and others."
However, a quick transition to alternative solutions after vulnerabilities are discovered can be associated with financial problems. Therefore, it is not recommended to rush the transition.
"In my opinion, the refusal to use vulnerable devices is inappropriate, both if the devices have already been introduced into production lines, and if the choice of these devices was included in the project, which is just planned for implementation," Alexander Samsonov, leading expert of the development and testing department of the company Security Code, told TAdviser. "Replacing with analogs can lead to significant financial and time costs, and software fixes for vulnerable devices are likely to be released in the near future."
Instead of replacing the equipment, he recommends properly implementing the standard recommendations for protecting the internal network perimeter. If vulnerable devices are protected from unauthorized network access and intruders are prevented from entering the internal network perimeter, it will be impossible to exploit the vulnerability. True, the replacement of foreign products at CII facilities is one of the requirements of Russian regulators, but for commercial companies, which are often CII entities, it is necessary to maintain a balance between safety and the costs of maintaining it.
"Of course, so far we have not replaced everything related to the ability to harm the country through Siemens or BIM models, we must take all possible protection and control measures, and treat the decisions made, especially in critical places, as 'distrustful' decisions," said Mikhail Bocharov, Deputy Director General for Scientific Work at SiSoft Development. "This does not mean at all that we must close and stop using even gadgets, here we need a thoughtful and balanced approach."