PT-2020-16026 · Siemens · Logo! 8 Bm

Published

2020-12-14

Updated

2022-04-25

CVE-2020-25229

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions LOGO! 8 BM (incl. SIPLUS variants) versions prior to V8.3

Description A security issue has been identified where the encryption used for communication with affected devices is susceptible to replay attacks due to a static key. This could allow an attacker to change passwords or configurations on affected devices by using messages prepared for other devices.

Recommendations For versions prior to V8.3, update to version V8.3 or later to resolve the issue. As a temporary workaround, consider restricting access to affected devices to minimize the risk of exploitation.

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798CWE-321

Related Identifiers

CVE-2020-25229

Affected Products

Logo! 8 Bm

PT-2020-16026 · Siemens · Logo! 8 Bm

CVE-2020-25229

Weakness Enumeration

Related Identifiers

Affected Products

References · 4