CVE-2019-10919
Description
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Attackers with access to port 10005/tcp could perform device reconfigurations and obtain project files from the devices. The system manual recommends to protect access to this port. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 10005/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Attackers with network access to port 10005/tcp can reconfigure and obtain project files from LOGO! 8 BM devices due to missing authentication.
Vulnerability
A missing authentication vulnerability in Siemens LOGO! 8 BM (including SIPLUS variants) versions before V8.3 allows unauthenticated network attackers to reconfigure the device and retrieve project files via port 10005/tcp [1].
Exploitation
An unauthenticated attacker with network access to port 10005/tcp can send crafted requests without user interaction to perform device reconfigurations and obtain project files [1].
Impact
Successful exploitation results in loss of confidentiality (disclosure of project files), integrity (device reconfiguration), and availability (potential disruption). The attacker gains full control over the device's configuration [1].
Mitigation
Siemens has released firmware version V8.3 to fix this vulnerability. Users should upgrade to V8.3 or later. As a workaround, restrict network access to port 10005/tcp via firewalls. No public exploitation was known at disclosure [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: < V8.3
- Siemens/LOGO! 8 BM (incl. SIPLUS variants)v5Range: All versions < V8.3
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- packetstormsecurity.com/files/153123/Siemens-LOGO-8-Missing-Authentication.htmlmitrex_refsource_MISC
- seclists.org/fulldisclosure/2019/May/45mitremailing-listx_refsource_FULLDISC
- www.securityfocus.com/bid/108382mitrevdb-entryx_refsource_BID
- cert-portal.siemens.com/productcert/pdf/ssa-542701.pdfmitrex_refsource_MISC
- seclists.org/bugtraq/2019/May/73mitremailing-listx_refsource_BUGTRAQ
News mentions
0No linked articles in our index yet.