CVE-2019-10921
Description
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Unencrypted storage of passwords in the project could allow an attacker with access to port 10005/tcp to obtain passwords of the device. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 10005/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
LOGO! 8 BM (All versions < V8.3) stores project passwords in unencrypted form, allowing an unauthenticated network attacker to recover them via port 10005/tcp.
Vulnerability
The vulnerability affects LOGO! 8 BM including SIPLUS variants in all versions prior to V8.3. The device stores passwords for the project in an unencrypted format. An attacker with network access to port 10005/tcp can retrieve these passwords from the device without any authentication [1].
Exploitation
An unauthenticated attacker with network connectivity to the device's port 10005/tcp can obtain the stored plaintext passwords. No user interaction is required, and the attacker does not need any prior access or credentials. The exploit can be carried out by simply connecting to the open port and retrieving the project data [1].
Impact
Successful exploitation leads to the disclosure of device passwords, compromising the confidentiality of the device. The attacker could potentially use the recovered passwords to gain further access or perform unauthorized configuration changes, but the primary impact is information disclosure [1].
Mitigation
Siemens has released firmware version V8.3 which addresses this vulnerability by implementing encrypted storage of passwords. Users should update to V8.3 or later. If updating is not possible, restrict network access to port 10005/tcp to trusted hosts only as a workaround. No public exploitation was known at the time of publication [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: < V8.3
- Siemens/LOGO! 8 BM (incl. SIPLUS variants), Range: All versions < V8.3
Patches
No patches discovered yet.
References
- packetstormsecurity.com/files/153124/Siemens-LOGO-8-Recoverable-Password-Format.html (mitre, x_refsource_MISC)
- seclists.org/fulldisclosure/2019/May/49 (mitre, mailing-list, x_refsource_FULLDISC)
- www.securityfocus.com/bid/108382 (mitre, vdb-entry, x_refsource_BID)
- cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf (mitre, x_refsource_MISC)
- seclists.org/bugtraq/2019/May/74 (mitre, mailing-list, x_refsource_BUGTRAQ)