VYPR
Unrated severity · NVD Advisory · Published Jul 14, 2020 · Updated Aug 4, 2024

CVE-2020-7593

Description

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (V1.81.01 - V1.81.03), LOGO! 8 BM (incl. SIPLUS variants) (V1.82.01), LOGO! 8 BM (incl. SIPLUS variants) (V1.82.02). A buffer overflow vulnerability exists in the Web Server functionality of the device. A remote unauthenticated attacker could send a specially crafted HTTP request to cause a memory corruption, potentially resulting in remote code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A buffer overflow in Siemens LOGO! 8 BM Web Server allows unauthenticated remote code execution via a specially crafted HTTP request.

Vulnerability

The vulnerability is a stack-based buffer overflow in the Web Server component of Siemens LOGO! 8 BM (including SIPLUS variants) running firmware versions V1.81.01 through V1.81.03, V1.82.01, and V1.82.02. When processing HTTP requests, the server fails to validate the length of a URI directory before copying it onto the stack via memcpy, leading to memory corruption. The root cause is located in the u_bm3.bin firmware image at address 0x9be8e [1].

Exploitation

An unauthenticated attacker with network access to the device can trigger the overflow by sending a specially crafted HTTP request with an excessively long URI. No authentication or user interaction is required. A proof-of-concept using curl demonstrates the exploitation by sending a long path [1].

Impact

Successful exploitation results in memory corruption that can be leveraged to achieve remote code execution with the highest privileges on the device. Given the CVSSv3 score of 10.0, the impact is critical, potentially allowing full compromise of the PLC and disruption of industrial control processes [1].

Mitigation

The referenced advisory [1] does not specify a fixed firmware version. Users should contact Siemens for patched firmware releases and apply them promptly. As a workaround, restrict network access to the Web Server to trusted hosts where possible.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Range: V1.81.01 - V1.81.03, V1.82.01, V1.82.02
  • Siemens AG/LOGO! 8 BM (incl. SIPLUS variants)v5
    Range: V1.82.02

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"Missing length check before copying a URI directory component to a fixed stack buffer allows a stack-based buffer overflow."

Attack vector

A remote unauthenticated attacker sends a specially crafted HTTP request with an overly long URI directory component to the LOGO! device's web server. The server copies the URI directory to a stack buffer using `memcpy` without validating the length, causing a stack-based buffer overflow [CWE-120] [ref_id=1]. This memory corruption can lead to remote code execution. The attack requires no authentication and is exploitable over the network.

Affected code

The vulnerability resides in the HTTP Server of the LOGO! 8 BM firmware (u_bm3.bin). At address 0x9be8e, a `call_memcpy` copies a URI directory component to a fixed stack buffer without checking the length of the attacker-controlled input [ref_id=1].

What the fix does

The vendor patched the vulnerability on 2020-07-14 [ref_id=1]. The advisory does not include a patch diff, but the fix would involve adding a length check before the `memcpy` call at address 0x9be8e to ensure the URI directory component does not exceed the allocated stack buffer size [ref_id=1].
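A sketch of the kind of length check described above, as an added example; it is not Siemens firmware code and not taken from the advisory. The buffer size, all function names and the choice of HTTP status codes are assumptions for illustration.

```c
#include <stddef.h>
#include <string.h>

#define DIR_BUF_SIZE 64  /* assumed; the firmware's real buffer size is not on this page */

enum copy_status { COPY_OK = 0, COPY_BAD_ARG = -1, COPY_TOO_LONG = -2 };

/* Length of the directory part of a request target: everything up to and
 * including the last '/', ignoring any query string or fragment. */
static size_t uri_dir_len(const char *uri)
{
    size_t end = strcspn(uri, "?#");
    size_t len = 0;
    for (size_t i = 0; i < end; i++)
        if (uri[i] == '/')
            len = i + 1;
    return len;
}

/* Unchecked pattern the page describes, kept as a comment only:
 *     char dir[DIR_BUF_SIZE];
 *     memcpy(dir, uri, uri_dir_len(uri));   // length comes from the request
 */

/* Hardened form: compare against the destination size before copying and
 * always NUL-terminate. Nothing is written past dst_size bytes. */
enum copy_status copy_uri_dir(const char *uri, char *dst, size_t dst_size)
{
    if (uri == NULL || dst == NULL || dst_size == 0)
        return COPY_BAD_ARG;
    size_t len = uri_dir_len(uri);
    if (len >= dst_size) {      /* one byte is reserved for the terminator */
        dst[0] = '\0';
        return COPY_TOO_LONG;
    }
    memcpy(dst, uri, len);
    dst[len] = '\0';
    return COPY_OK;
}

/* Hypothetical handler with a fixed stack buffer; returns an HTTP status. */
int handle_request_path(const char *uri)
{
    char dir[DIR_BUF_SIZE];
    switch (copy_uri_dir(uri, dir, sizeof dir)) {
    case COPY_OK:       return 200;
    case COPY_TOO_LONG: return 414;  /* URI Too Long: reject, do not truncate */
    default:            return 400;
    }
}
```

Rejecting the request instead of truncating keeps the handler from acting on a path the client never sent.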

Preconditions

  • config: The LOGO! device must have its web server enabled and accessible over the network.
  • auth: No authentication is required; the attacker can be unauthenticated.
  • network: The attacker must be able to send HTTP requests to the device over the network.
  • input: The attacker sends a crafted HTTP request with an overly long URI directory component.

Reproduction

The advisory provides a proof-of-concept using curl: `curl http://

Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

2
