Zip Slip Vulnerability in LOGO! Soft Comfort by Siemens
CVE-2020-25243

5.1MEDIUM

Key Information:

Vendor: Siemens
Status: Logo! Soft Comfort
Vendor: CVE Published:; 22 April 2021

Summary

A significant vulnerability exists in LOGO! Soft Comfort, where a zip slip attack can be executed upon importing a malicious project file. This flaw can be exploited in conjunction with other vulnerabilities, potentially leading to unauthorized control and system takeover by an attacker.

Affected Version(s)

LOGO! Soft Comfort All versions < V8.4

References

https://cert-portal.siemens.com/productcert/pdf/ssa-98330...

x_refsource_MISC

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 22, 2021
Vulnerability Reserved
Sep 10, 2020