Weakness in LOGO! 8 BM Product by Siemens Allowing Unauthorized Configuration Access
CVE-2020-7589

9.1CRITICAL

Key Information:

Vendor: Siemens
Status: Logo! 8 Bm (incl. Siplus Variants)
Vendor: CVE Published:; 10 June 2020

Summary

A vulnerability in LOGO! 8 BM and its SIPLUS variants could allow an attacker to read and modify the configuration of the device without any user interaction. This weakness is exploitable remotely via TCP port 135, granting access to sensitive project files. The disclosed vulnerability jeopardizes the confidentiality and integrity of the device, posing a serious risk to its operational security. At the time of advisory publication, there were no known public exploits for this issue.

Affected Version(s)

LOGO! 8 BM (incl. SIPLUS variants) All versions

References

https://cert-portal.siemens.com/productcert/pdf/ssa-81740...

x_refsource_MISC

https://www.us-cert.gov/ics/advisories/icsa-20-161-03

x_refsource_MISC

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 10, 2020
Vulnerability Reserved
Jan 21, 2020