Unencrypted Password Storage Vulnerability in Siemens LOGO! 8 Devices
CVE-2019-10921

7.5HIGH

Key Information:

Vendor
Siemens
Status
Logo! 8 Bm (incl. Siplus Variants)
Vendor
CVE Published:
14 May 2019

Summary

A security flaw has been discovered in Siemens LOGO! 8 devices, including SIPLUS variants, where passwords are stored in an unencrypted format. This vulnerability affects all versions prior to V8.3 and allows unauthorized access to sensitive credentials over network port 10005/tcp. An attacker with network access can exploit this vulnerability without needing any user interaction, posing a significant risk to the confidentiality of the device. At the time of this advisory, no evidence of public exploitation had been reported.

Affected Version(s)

LOGO! 8 BM (incl. SIPLUS variants) All versions < V8.3

References

http://www.securityfocus.com/bid/108382
vdb-entryx_refsource_BID
https://seclists.org/bugtraq/2019/May/74
mailing-listx_refsource_BUGTRAQ
http://seclists.org/fulldisclosure/2019/May/49
mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.