PT-2019-2288 · Siemens · Logo! 8 Bm

Manuel Stotz

Published

2019-05-14

Updated

2022-01-04

CVE-2019-10921

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions LOGO! 8 BM versions prior to V8.3

Description The issue is related to the storage of unencrypted passwords in the project data. An attacker with network access to port 10005/tcp could exploit this to obtain device passwords. No user interaction is required for exploitation, and it affects the confidentiality of the device. At the time of reporting, there were no known public exploits.

Recommendations For versions prior to V8.3, update to version V8.3 or later to resolve the issue. As a temporary workaround, consider restricting access to port 10005/tcp to minimize the risk of exploitation.

Exploit

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522CWE-255CWE-256

Related Identifiers

BDU:2019-02059

CVE-2019-10921

Affected Products

Logo! 8 Bm

PT-2019-2288 · Siemens · Logo! 8 Bm

CVE-2019-10921

Weakness Enumeration

Related Identifiers

Affected Products

References · 8