A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Affected devices load firmware updates without checking the authenticity. Furthermore the integrity of the unencrypted firmware is only verified by a non-cryptographic method. This could allow an attacker to manipulate a firmware update and flash it to the device.
[
{
"vendor": "Siemens",
"product": "LOGO! 8 BM (incl. SIPLUS variants)",
"versions": [
{
"version": "All versions < V8.3",
"status": "affected"
}
]
}
]