CVE-2019-10920

Name of the Vulnerable Software and Affected Versions LOGO! 8 BM (incl. SIPLUS variants) versions prior to V8.3

Description A security issue has been identified where project data stored on the device can be decrypted due to a hardcoded encryption key. This data is accessible via port 10005/tcp. An unauthenticated attacker with network access to this port can exploit the issue without requiring any user interaction, impacting the confidentiality of the device. At the time of reporting, there were no known public exploits of this issue.

Recommendations For versions prior to V8.3, update to version V8.3 or later to resolve the issue. As a temporary workaround, consider restricting access to port 10005/tcp to minimize the risk of exploitation.