15 matches found
CVE-2022-36360
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Affected devices load firmware updates without checking the authenticity. Furthermore the integrity of the unencrypted firmware is only verified by a non-cryptographic method. This could allow an attacker t...
PT-2022-7651 · Siemens · Logo! 230Rce +7
Name of the Vulnerable Software and Affected Versions: LOGO! 12/24RCE versions 6ED1052-1MD08-0BA1 through 6ED1052-1MD08-0BA2 LOGO! 12/24RCEo versions 6ED1052-2MD08-0BA1 through 6ED1052-2MD08-0BA2 LOGO! 230RCE versions 6ED1052-1FB08-0BA1 through 6ED1052-1FB08-0BA2 LOGO! 230RCEo versions...
CVE-2020-25233
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. The firmware update of affected devices contains the private RSA key that is used as a basis for encryption of communication with the device...
CVE-2020-25235
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. The password used for authentication for the LOGO! Website and the LOGO! Access Tool is sent in a recoverable format. An attacker with access to the network traffic could derive valid logins...
CVE-2020-25234
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3, LOGO! Soft Comfort All versions V8.3. The LOGO! program files generated and used by the affected components offer the possibility to save user-defined functions UDF in a password protected way. This...
CVE-2020-25230
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Due to the usage of an outdated cipher mode on port 10005/tcp, an attacker could extract the encryption key from a captured communication with the device...
CVE-2020-25229
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. The implemented encryption for communication with affected devices is prone to replay attacks due to the usage of a static key. An attacker could change the password or change the configuration on any...
CVE-2020-25228
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. A service available on port 10005/tcp of the affected devices could allow complete access to all services without authorization. An attacker could gain full control over an affected device, if he has access...
CVE-2020-25231
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3, LOGO! Soft Comfort All versions V8.3. The encryption of program data for the affected devices uses a static key. An attacker could use this key to extract confidential information from protected program fil...
CVE-2020-25232
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Due to the usage of an insecure random number generation function and a deprecated cryptographic function, an attacker could extract the key that is used when communicating with an affected device on port...
Siemens LOGO! 8 BM Static Key Replay Attack Vulnerability
Siemens LOGO! 8 BM is a programming software for industrial environments for the Windows platform from Siemens Germany. A security vulnerability exists in Siemens LOGO! 8 BM. An attacker could exploit this vulnerability by performing a replay attack to make unauthorized changes to passwords or...
Siemens LOGO! 8 BM 访问控制错误漏洞
SIEMENS LOGO! 8 BM is a programming software for industrial environments for the Windows platform from Siemens Germany. A security vulnerability exists in SIEMENS LOGO! 8 BM, which can be exploited by an attacker who has access to specific services to gain unauthorized full access to all services...
CVE-2020-7593
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants V1.81.01 - V1.81.03, LOGO! 8 BM incl. SIPLUS variants V1.82.01, LOGO! 8 BM incl. SIPLUS variants V1.82.02. A buffer overflow vulnerability exists in the Web Server functionality of the device. A remote unauthenticated attacke...
CVE-2019-10921
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Unencrypted storage of passwords in the project could allow an attacker with access to port 10005/tcp to obtain passwords of the device. The security vulnerability could be exploited by an unauthenticated...
CVE-2017-12734
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V1.81.2. An attacker with network access to the integrated web server on port 80/tcp could obtain the session ID of an active user session. A user must be logged in to the web interface. Siemens recommends to use...