Siemens SINAMICS S200 Unlocked Bootloader Vulnerability Allowing Code Injection and Unauthorized Firmware Installation
Vulnerability
A vulnerability exists in all SINAMICS S200 devices with serial numbers starting with SZVS8, SZVS9, SZVS0, or SZVSN and FS number 02. These devices have an unlocked bootloader, which allows attackers to inject malicious code or install untrusted firmware. This flaw undermines the device's security features meant to prevent data manipulation and unauthorized access.
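To scope exposure, an asset inventory can be checked against the serial-number prefixes and FS number stated above. The following is an added example, not Siemens tooling or code from the advisory; the CSV column names (asset, serial, fs), the accepted FS spellings and the sample serials are assumptions made for illustration.

```python
import csv
import io
import re

# Scope as stated in the advisory text above.
AFFECTED_SERIAL_PREFIXES = ("SZVS8", "SZVS9", "SZVS0", "SZVSN")
AFFECTED_FS = 2  # "FS number 02"

def normalize_serial(raw):
    """Upper-case and drop spaces/hyphens that creep into hand-typed serials."""
    return re.sub(r"[\s\-]", "", raw or "").upper()

def parse_fs(raw):
    """Accept '02', '2', 'FS02', 'FS: 02'; return the number or None if unreadable."""
    m = re.fullmatch(r"\s*(?:FS)?\s*[:.]?\s*(\d{1,2})\s*", raw or "", re.IGNORECASE)
    return int(m.group(1)) if m else None

def classify(serial, fs):
    """Return 'affected', 'not_affected', or 'review' (serial matches, FS unknown)."""
    s = normalize_serial(serial)
    if not s.startswith(AFFECTED_SERIAL_PREFIXES):
        return "not_affected"
    fs_num = parse_fs(fs)
    if fs_num is None:
        return "review"  # do not silently clear a drive whose FS was not recorded
    return "affected" if fs_num == AFFECTED_FS else "not_affected"

def triage(inventory_csv):
    """Map each asset tag to its classification. Column names are assumptions."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["asset"]: classify(r.get("serial"), r.get("fs")) for r in rows}

# Constructed sample inventory; serials are made up for illustration.
SAMPLE = """asset,serial,fs
press-line-1,SZVS8A1234567,02
press-line-2,szvs9-b7654321,FS: 2
packer-3,SZVSNC0000001,
packer-4,SZVS0D1111111,03
conveyor-5,SZVT8E2222222,02
"""

if __name__ == "__main__":
    for asset, verdict in triage(SAMPLE).items():
        print(f"{asset}: {verdict}")
```

Drives reported as "review" match an affected serial prefix but have no readable FS value in the inventory, so the FS number has to be confirmed on the device before the drive is ruled out.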
Impact
Exploitation of this vulnerability could lead to the injection of malicious code or the installation of untrusted firmware, potentially damaging or compromising the affected device.
Remediation
Users are advised to follow general security recommendations and apply a defense-in-depth approach. For product-specific support, contact local customer service.
