PT-2020-19642 · Siemens · Logo! 8 Bm

Published

2020-07-14

Updated

2020-07-22

CVE-2020-7593

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions LOGO! 8 BM (incl. SIPLUS variants) versions V1.81.01 through V1.81.03 LOGO! 8 BM (incl. SIPLUS variants) version V1.82.01 LOGO! 8 BM (incl. SIPLUS variants) version V1.82.02

Description A buffer overflow issue exists in the Web Server functionality, allowing a remote unauthenticated attacker to send a specially crafted HTTP request to cause memory corruption, potentially resulting in remote code execution.

Recommendations For versions V1.81.01 through V1.81.03, consider disabling the Web Server functionality until a patch is available. For version V1.82.01, consider disabling the Web Server functionality until a patch is available. For version V1.82.02, consider disabling the Web Server functionality until a patch is available. As a temporary workaround, restrict access to the Web Server to minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

CVE-2020-7593

Affected Products

Logo! 8 Bm

PT-2020-19642 · Siemens · Logo! 8 Bm

CVE-2020-7593

Weakness Enumeration

Related Identifiers

Affected Products

References · 4