Replay Attack Vulnerability in LOGO! 8 BM by Siemens
CVE-2020-25229
7.5 HIGH
Key Information:
- Vendor: Siemens
- CVE Published: 14 December 2020
Summary
The encryption used for communication with the Siemens LOGO! 8 BM product family relies on a static encryption key, which leaves that communication open to replay attacks. An attacker can intercept messages that were generated for one device and reuse them to gain unauthorized access, modify configurations or change passwords on affected devices. The flaw affects all versions prior to V8.3, including the SIPLUS variants, so updating to a secure version is important to mitigate potential attacks.
Affected Version(s)
LOGO! 8 BM (incl. SIPLUS variants) All versions < V8.3
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved