PT-2020-16031 · Siemens · Logo! 8 Bm+1

Published

2020-12-14

Updated

2020-12-16

CVE-2020-25234

CVSS v3.1

7.7

High

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions LOGO! 8 BM (incl. SIPLUS variants) versions prior to V8.3 LOGO! Soft Comfort versions prior to V8.3

Description A vulnerability has been identified that allows an attacker to reverse engineer user-defined functions (UDFs) directly from stored program files, despite the UDFs being password protected. The protection is implemented in the software that displays the information.

Recommendations For LOGO! 8 BM (incl. SIPLUS variants) versions prior to V8.3, update to version V8.3 or later to resolve the issue. For LOGO! Soft Comfort versions prior to V8.3, update to version V8.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the stored program files to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-321

Related Identifiers

CVE-2020-25234

Affected Products

Logo! 8 Bm

Logo! Soft Comfort

PT-2020-16031 · Siemens · Logo! 8 Bm+1

CVE-2020-25234

Weakness Enumeration

Related Identifiers

Affected Products

References · 3