Vulnerability in Siemens LOGO! Control Devices
CVE-2020-25236

5.5MEDIUM

Key Information:

Vendor: Siemens
Status: Logo! 12/24rce; Logo! 12/24rceo; Logo! 230rce; Logo! 230rceo
Vendor: CVE Published:; 15 March 2021

Summary

A vulnerability exists in various Siemens LOGO! control devices where an attacker can exploit the control logic execution. This manipulation may lead to an improper response from the device, causing it to crash. Once the attack is executed successfully, a manual reset of the affected device is necessary to restore normal operation. This vulnerability highlights the importance of secure device configurations to mitigate risks associated with unauthorized control logic manipulation.

Affected Version(s)

LOGO! 12/24RCE 0

LOGO! 12/24RCEo 0

LOGO! 230RCE 0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-78348...

x_refsource_MISC

https://cert-portal.siemens.com/productcert/html/ssa-7834...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 15, 2021
Vulnerability Reserved
Sep 10, 2020