Device Reconfiguration Vulnerability in LOGO! 8 by Siemens
CVE-2019-10919

9.4 CRITICAL

Key Information:

Vendor: Siemens
CVE Published: 14 May 2019

Summary

A vulnerability in Siemens LOGO! 8, including SIPLUS variants, allows unauthorized access to port 10005/tcp. This flaw enables attackers to perform device reconfigurations and extract project files without authentication. With no user interaction needed, the attack can severely compromise the device's confidentiality, integrity, and availability. Users are advised to secure access to this port to mitigate potential risks.

Affected Version(s)

LOGO! 8 BM (incl. SIPLUS variants): all versions < V8.3

CVSS V3.1

Score: 9.4
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
