PT-2019-2288 · Siemens · Logo! 8 Bm

Manuel Stotz

Publicado

2019-05-14

Atualizado

2022-01-04

CVE-2019-10921

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions LOGO! 8 BM versions prior to V8.3

Description The issue is related to the storage of unencrypted passwords in the project data. An attacker with network access to port 10005/tcp could exploit this to obtain device passwords. No user interaction is required for exploitation, and it affects the confidentiality of the device. At the time of reporting, there were no known public exploits.

Recommendations For versions prior to V8.3, update to version V8.3 or later to resolve the issue. As a temporary workaround, consider restricting access to port 10005/tcp to minimize the risk of exploitation.

Exploit

Correção

Insufficiently Protected Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-522CWE-255CWE-256

Identificadores relacionados

BDU:2019-02059

CVE-2019-10921

Produtos afetados

Logo! 8 Bm

PT-2019-2288 · Siemens · Logo! 8 Bm

CVE-2019-10921

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8