CVE-2020-7589
Description
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). The vulnerability could lead to an attacker reading and modifying the device configuration and obtain project files from affected devices. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 135/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An unauthenticated attacker on the network can read and modify the device configuration and obtain project files via port 135/TCP in all versions of LOGO! 8 BM.
Vulnerability
A missing authentication for critical function vulnerability (CWE-306) exists in all versions of LOGO! 8 BM, including SIPLUS variants [1]. The vulnerability can be exploited by accessing port 135/TCP, which is enabled by default. No user interaction or authentication is required [1].
Exploitation
An unauthenticated attacker with network access to the affected device can directly connect to port 135/TCP. The attacker does not need any prior credentials or user interaction. The low skill level required to exploit this vulnerability suggests that the attack sequence is straightforward [1].
Impact
Successful exploitation allows the attacker to read and modify the device configuration and obtain project files from the device. This impacts confidentiality, integrity, and availability of the device, with a CVSS v3 base score of 9.4 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L) [1].
Mitigation
Starting with version 8.3 of LOGO! 8 BM, port 135/TCP can be disabled. Siemens recommends disabling this port when possible. General defense-in-depth measures, including network access protection according to the system manual, should be applied. At the time of publication, no public exploitation was known [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: all versions
- Siemens/LOGO! 8 BM (incl. SIPLUS variants)v5Range: All versions
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- cert-portal.siemens.com/productcert/pdf/ssa-817401.pdfmitrex_refsource_MISC
- www.us-cert.gov/ics/advisories/icsa-20-161-03mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.