SSA-674165 (Last Update: 2018-12-11): Vulnerability in McAfee MACC product for SINAMICS PERFECT HARMONY GH180 drives

Published

2018-12-11 00:00:00

Summary

McAfee has issued Security Bulletin SB10250 to address a vulnerabilty in McAfee Application and Change Control (MACC). SINAMICS PERFECT HARMONY GH180 Drives with HMIs produced between November 4th, 2015 and October 9th, 2018, use MACC as part of their software package, if option A30 was part of the order.

Siemens has analyzed the vulnerability and has determined that this vulnerability applies to these HMIs.

HMIs with this vulnerability can be compromised via local attack using removable USB storage devices to transfer malicious files. These file can be executed to compromise the HMI and by extension the drive system.

For compatibility reasons, Siemens advises the installation of MACC 8.2.0 instead of version 8.0.0, hotfix 5 as mentioned in SB10250.