Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP traffic to port (1) 21 or (2) 23.
2013-12-07T00:55:04.147
2025-04-11T00:51:21.963
Deferred
CVSSv2: 10.0 (HIGH)
AV:N/AC:L/Au:N/C:C/I:C/A:C
10.0
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | siemens | sinamics_s\/g_family_firmware | ≤ 4.6 | Yes |
| Hardware | siemens | sinamics_g110 | - | Yes |
| Hardware | siemens | sinamics_g110d | - | Yes |
| Hardware | siemens | sinamics_g120 | - | Yes |
| Hardware | siemens | sinamics_g120c | - | Yes |
| Hardware | siemens | sinamics_g120d | - | Yes |
| Hardware | siemens | sinamics_g120p | - | Yes |
| Hardware | siemens | sinamics_g130 | - | Yes |
| Hardware | siemens | sinamics_g150 | - | Yes |
| Hardware | siemens | sinamics_g180 | - | Yes |
| Hardware | siemens | sinamics_s110 | - | Yes |
| Hardware | siemens | sinamics_s120 | - | Yes |
| Hardware | siemens | sinamics_s120cm | - | Yes |
| Hardware | siemens | sinamics_s150 | - | Yes |