Configuration Access Vulnerability in Perfect Harmony GH180 by Siemens
CVE-2024-35295

5.2MEDIUM

Key Information:

Vendor: Innomotics
Status: Perfect Harmony Gh180
Vendor: CVE Published:; 11 June 2025

What is CVE-2024-35295?

A serious configuration access vulnerability has been identified in the Perfect Harmony GH180 systems. Devices running versions between V8.0 and V8.3.3 with the NXGPro+ controller manufactured between April 2020 and April 2025 are notably affected. The flaw arises from an insufficiently protected maintenance connection to the device's control unit configuration. An attacker with physical access could exploit this vulnerability through the maintenance connection's door port, facilitating unauthorized configuration changes that could compromise the device's intended operation.

Affected Version(s)

Perfect Harmony GH180 V8.0

References

https://cert-portal.siemens.com/productcert/html/ssa-7711...

https://www.innomotics.com/hub/en/ISA-771113

CVSS V4

Score:

5.2

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 11, 2025
Vulnerability Reserved
May 15, 2024

Innomotics

What is CVE-2024-35295?

Affected Version(s)

References

CVSS V4

Timeline