38 matches found
CISA Releases 18 Industrial Control Systems Advisories
CISA released 18 Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-317-01 Mitsubishi Electric MELSEC iQ-F Series ICSA-25-317-02 AVEVA Application Server IDE ICSA-25-317-03...
EUVD-2019-16130
Malware in sbrugna...
CVE-2019-6571
A vulnerability has been identified in SIEMENS LOGO!8 6ED1052-xyyxx-0BA8 FS:01 to FS:06 / Firmware version V1.80.xx and V1.81.xx, SIEMENS LOGO!8 6ED1052-xyy08-0BA0 FS:01 / Firmware version V1.82.02. An attacker with network access to port 10005/tcp of the LOGO! device could cause a...
CVE-2019-6584
A vulnerability has been identified in SIEMENS LOGO!8 6ED1052-xyyxx-0BA8 FS:01 to FS:06 / Firmware version V1.80.xx and V1.81.xx, SIEMENS LOGO!8 6ED1052-xyy08-0BA0 FS:01 / Firmware version V1.82.02. The integrated webserver does not invalidate the Session ID upon user logout. An attacker that...
The vulnerability of microprogrammed software in Siemens LOGO!8 BM and SIPLUS LOGO! controllers, related to insufficient validation of input data, allows attackers to trigger malfunctions during maintenance operations.
The vulnerability of the microprogrammed software used in Siemens LOGO!8 BM and SIPLUS LOGO! programmable logic controllers is related to insufficient verification of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to cause malfunctions by manipulating IP...
Siemens LOGO! 8 BM Missing Authentication For Critical Function (CVE-2020-25228)
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. A service available on port 10005/tcp of the affected devices could allow complete access to all services without authorization. An attacker could gain full control over an affected device, if he has access...
Siemens LOGO! 8 BM Use of Hard-Coded Cryptographic Key (CVE-2020-25233)
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. The firmware update of affected devices contains the private RSA key that is used as a basis for encryption of communication with the device. This plugin only works with Tenable.ot. Please visit...
Siemens LOGO! 8 BM Devices Improper Validation of Specified Index, Position, or Offset in Input (CVE-2022-36363)
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions. Affected devices do not properly validate an offset value which can be defined in TCP packets when calling a method. This could allow an attacker to retrieve parts of the content of the memory. This plugin only...
Siemens LOGO! 8 BM Use of a Broken or Risky Cryptographic Algorithm (CVE-2020-25232)
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Due to the usage of an insecure random number generation function and a deprecated cryptographic function, an attacker could extract the key that is used when communicating with an affected device on port...
Siemens LOGO! 8 BM Use of Hard-Coded Cryptographic Key (CVE-2020-25229)
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. The implemented encryption for communication with affected devices is prone to replay attacks due to the usage of a static key. An attacker could change the password or change the configuration on any...
Siemens LOGO! 8 BM Devices Buffer Copy Without Checking Size of Input (CVE-2022-36361)
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions. Affected devices do not properly validate the structure of TCP packets in several methods. This could allow an attacker to cause buffer overflows, get control over the instruction counter and run custom code. Th...
Siemens LOGO! 8 BM Improper Handling of Extra Values (CVE-2019-10920)
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Project data stored on the device, which is accessible via port 10005/tcp, can be decrypted due to a hardcoded encryption key. The security vulnerability could be exploited by an unauthenticated attacker wi...
Siemens LOGO! 8 BM Plaintext Storage of a Password (CVE-2019-10921)
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Unencrypted storage of passwords in the project could allow an attacker with access to port 10005/tcp to obtain passwords of the device. The security vulnerability could be exploited by an unauthenticated...
Siemens LOGO! Insufficiently Protected Credentials (CVE-2017-12734)
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V1.81.2. An attacker with network access to the integrated web server on port 80/tcp could obtain the session ID of an active user session. A user must be logged in to the web interface. Siemens recommends to use...
Siemens LOGO! 8 BM input validation error vulnerability
A security vulnerability exists in Siemens LOGO! 8 BM, a programming software for the Windows platform used in industrial environments from Siemens, Germany. The vulnerability stems from the inability to properly validate offset values defined in TCP packets when calling methods. An attacker coul...
Siemens LOGO! 8 BM buffer overflow vulnerability (CNVD-2022-89767)
Siemens LOGO! 8 BM is a programming software for industrial environments for the Windows platform from Siemens Germany. Siemens LOGO! 8 BM suffers from a buffer overflow vulnerability that stems from an inability to properly validate the structure of a TCP packet through a variety of methods. An...
Siemens LOGO! 8 BM Input Validation Error Vulnerability (CNVD-2022-89766)
A security vulnerability exists in Siemens LOGO! 8 BM, a programming software for industrial environments for the Windows platform from Siemens, Germany, which stems from the fact that certain authentication is not performed when interacting with them. An unauthenticated remote attacker could...
Siemens LOGO! 8 BM 输入验证错误漏洞
A security vulnerability exists in Siemens LOGO! 8 BM, a programming software for the Windows platform used in industrial environments from Siemens, Germany. The vulnerability stems from the inability to properly validate offset values defined in TCP packets when calling methods. An attacker coul...
Siemens LOGO! 8 BM 数据伪造问题漏洞
Siemens LOGO! 8 BM is a programming software for industrial environments for the Windows platform from Siemens Germany. A security vulnerability exists in Siemens LOGO! 8 BM prior to version 8.3, which arises from loading a firmware update without checking for authenticity. The vulnerability can ...
Siemens LOGO! 8 BM 安全漏洞
Siemens LOGO! 8 BM is a programming software for industrial environments for the Windows platform from Siemens, Germany. A security vulnerability exists in Siemens LOGO! 8 BM that allows manipulation of the device executing CL in a way that prevents it from handling operations correctly and...