CVE-2019-10920
Description
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Project data stored on the device, which is accessible via port 10005/tcp, can be decrypted due to a hardcoded encryption key. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 10005/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A hardcoded encryption key in Siemens LOGO! 8 BM (versions < V8.3) allows unauthenticated attackers to decrypt project data via port 10005/tcp.
Vulnerability
A hardcoded encryption key is used to protect project data stored on Siemens LOGO! 8 BM (including SIPLUS variants) devices. All versions prior to V8.3 are affected. The project data is accessible via TCP port 10005/tcp, and the embedded key allows decryption without authentication. [1]
Exploitation
An unauthenticated attacker with network access to port 10005/tcp can retrieve the encrypted project data and decrypt it using the hardcoded key. No user interaction or authentication is required. The attacker simply connects to the port and obtains the data. [1]
Impact
Successful exploitation leads to disclosure of the project data, which may contain sensitive configuration information, credentials, or operational parameters. The confidentiality of the device is compromised. No impact on integrity or availability is described. [1]
Mitigation
Siemens released firmware version V8.3 to address this vulnerability. Users should update to V8.3 or later. No workarounds are mentioned. At the time of advisory publication, no public exploitation was known. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: < V8.3
- Siemens/LOGO! 8 BM (incl. SIPLUS variants)v5Range: All versions < V8.3
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- packetstormsecurity.com/files/153122/Siemens-LOGO-8-Hard-Coded-Cryptographic-Key.htmlmitrex_refsource_MISC
- seclists.org/fulldisclosure/2019/May/44mitremailing-listx_refsource_FULLDISC
- www.securityfocus.com/bid/108382mitrevdb-entryx_refsource_BID
- cert-portal.siemens.com/productcert/pdf/ssa-542701.pdfmitrex_refsource_MISC
- seclists.org/bugtraq/2019/May/72mitremailing-listx_refsource_BUGTRAQ
News mentions
0No linked articles in our index yet.