PT-2019-2286 · Siemens · Logo! 8 Bm

Manuel Stotz +1 · Published 2019-05-14 · Updated 2022-01-04 · CVE-2019-10919

CVSS v2.0: 9.7 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:P

Name of the Vulnerable Software and Affected Versions: LOGO! 8 BM (incl. SIPLUS variants) versions prior to V8.3

Description: A security issue has been identified that allows attackers with access to port 10005/tcp to reconfigure devices and obtain project files. This can be exploited by an unauthenticated attacker with network access to the mentioned port, without requiring any user interaction. The issue affects the confidentiality, integrity, and availability of the device. At the time of reporting, there were no known public exploitations of this issue. The exploitation is related to errors in access control.

Recommendations: For versions prior to V8.3, as a temporary workaround, consider restricting access to port 10005/tcp to minimize the risk of exploitation. Additionally, follow the system manual's recommendation to protect access to this port. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Missing Authentication

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2019-02057
CVE-2019-10919

Affected Products

Logo! 8 Bm