CVE-2019-6571

Name of the Vulnerable Software and Affected Versions SIEMENS LOGO!8 versions 6ED1052-xyyxx-0BA8 FS:01 through FS:06 / Firmware version V1.80.xx through V1.81.xx SIEMENS LOGO!8 version 6ED1052-xyy08-0BA0 FS:01 / Firmware version prior to V1.82.02

Description A security issue has been identified that could allow an unauthenticated attacker with network access to cause a Denial-of-Service condition by sending specially crafted packets to port 10005/tcp of the LOGO! device. No user interaction is required to exploit this issue, and successful exploitation compromises the availability of the targeted system. The issue is related to improper access control. At the time of advisory publication, no public exploitation of this issue was known.

Recommendations For SIEMENS LOGO!8 versions 6ED1052-xyyxx-0BA8 FS:01 through FS:06 / Firmware version V1.80.xx through V1.81.xx, update to a version with a firmware version of V1.82.02 or later. For SIEMENS LOGO!8 version 6ED1052-xyy08-0BA0 FS:01 / Firmware version prior to V1.82.02, update to a version with a firmware version of V1.82.02 or later. As a temporary workaround, consider restricting access to port 10005/tcp to minimize the risk of exploitation.