PT-2020-16032 · Siemens · Logo! 8 Bm

Published

2020-12-14

Updated

2020-12-16

CVE-2020-25235

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions LOGO! 8 BM (incl. SIPLUS variants) versions prior to V8.3

Description A security issue has been identified where the password used for authentication for the LOGO! Website and the LOGO! Access Tool is sent in a recoverable format. An attacker with access to the network traffic could derive valid logins.

Recommendations For versions prior to V8.3, update to version V8.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the network to minimize the risk of exploitation. Avoid using the LOGO! Website and the LOGO! Access Tool over unsecured networks until the issue is resolved.

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

CVE-2020-25235

Affected Products

Logo! 8 Bm

PT-2020-16032 · Siemens · Logo! 8 Bm

CVE-2020-25235

Weakness Enumeration

Related Identifiers

Affected Products

References · 4