CVE-2024-56336
published 2025-03-11


Priority: P260 · Severity: critical · CVSS 3.1: 9.8
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.51% (39.8th percentile)
A vulnerability has been identified in SINAMICS S200 (All versions with serial number beginning with SZVS8, SZVS9, SZVS0 or SZVSN and the FS number is 02). The affected device contains an unlocked bootloader. This security oversight enables attackers to inject malicious code, or install untrusted firmware. The intrinsic security features designed to protect against data manipulation and unauthorized access are compromised when the bootloader is not secured.

Affected

1 range

Vendor | Product | Version range | Fixed in
siemens | sinamics_s200 | < **

Detection & IOCs (extracted from sources)

  • Target devices can be identified by serial numbers beginning with SZVS8, SZVS9, SZVS0, or SZVSN with FS number 02 — these are the affected SINAMICS S200 units with an unlocked bootloader vulnerable to firmware injection.
  • The attack vector is network-accessible (AV:N) with no privileges required and no user interaction, meaning exploitation can occur remotely without authentication — monitor for unexpected firmware update attempts or bootloader interactions on SINAMICS S200 devices.
  • The vulnerability is an unlocked bootloader (CWE-287 Improper Authentication) — detection should focus on unauthorized firmware download or installation events on affected SINAMICS S200 drives.
  • Not all SINAMICS S200 devices are affected — only those with serial numbers beginning with SZVS8, SZVS9, SZVS0, or SZVSN AND FS number 02. Verify serial and FS number before treating a device as vulnerable.
  • CVSS v4 score of 9.5 includes an Attack Requirements (AT:P) modifier indicating some prerequisite condition exists, despite the overall critical severity — factor this into exploitation likelihood assessments.
  • No patch is available; Siemens' only mitigation is defense-in-depth and contacting local customer service — there is no firmware fix to deploy at this time.

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v4.0 | 9.5 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X