VYPR

LOGO! 8 BM

by Siemens Foundation

CVEs (15)

  • CVE-2020-25228CriDec 14, 2020
    risk 0.64cvss 9.8epss 0.01

    A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). A service available on port 10005/tcp of the affected devices could allow complete access to all services without authorization. An attacker could gain full control over an affected…

  • CVE-2020-7593CriJul 14, 2020
    risk 0.64cvss 9.8epss 0.09

    A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (V1.81.01 - V1.81.03), LOGO! 8 BM (incl. SIPLUS variants) (V1.82.01), LOGO! 8 BM (incl. SIPLUS variants) (V1.82.02). A buffer overflow vulnerability exists in the Web Server functionality of the device. A…

  • CVE-2019-10919CriMay 14, 2019
    risk 0.61cvss 9.4epss 0.03

    A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Attackers with access to port 10005/tcp could perform device reconfigurations and obtain project files from the devices. The system manual recommends to protect access to this port.…

  • CVE-2020-7589CriJun 10, 2020
    risk 0.59cvss 9.1epss 0.02

    A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). The vulnerability could lead to an attacker reading and modifying the device configuration and obtain project files from affected devices. The security vulnerability could be exploited by…

  • CVE-2020-25234HigDec 14, 2020
    risk 0.50cvss 7.7epss 0.00

    A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The LOGO! program files generated and used by the affected components offer the possibility to save user-defined functions (UDF) in a…

  • CVE-2022-36360HigOct 11, 2022
    risk 0.49cvss 7.5epss 0.00

    A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Affected devices load firmware updates without checking the authenticity. Furthermore the integrity of the unencrypted firmware is only verified by a non-cryptographic method. This…

  • CVE-2020-25235HigDec 14, 2020
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The password used for authentication for the LOGO! Website and the LOGO! Access Tool is sent in a recoverable format. An attacker with access to the network traffic could derive…

  • CVE-2020-25232HigDec 14, 2020
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Due to the usage of an insecure random number generation function and a deprecated cryptographic function, an attacker could extract the key that is used when communicating with an…

  • CVE-2020-25230HigDec 14, 2020
    risk 0.49cvss 7.5epss 0.00

    A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Due to the usage of an outdated cipher mode on port 10005/tcp, an attacker could extract the encryption key from a captured communication with the device.

  • CVE-2020-25229HigDec 14, 2020
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The implemented encryption for communication with affected devices is prone to replay attacks due to the usage of a static key. An attacker could change the password or change the…

  • CVE-2019-10921HigMay 14, 2019
    risk 0.49cvss 7.5epss 0.02

    A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Unencrypted storage of passwords in the project could allow an attacker with access to port 10005/tcp to obtain passwords of the device. The security vulnerability could be exploited…

  • CVE-2017-12734HigAug 30, 2017
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V1.81.2). An attacker with network access to the integrated web server on port 80/tcp could obtain the session ID of an active user session. A user must be logged in to the web interface.…

  • CVE-2017-12735HigAug 30, 2017
    risk 0.48cvss 7.4epss 0.01

    A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). An attacker who performs a Man-in-the-Middle attack between the LOGO! BM and other devices could potentially decrypt and modify network traffic.

  • CVE-2020-25233MedDec 14, 2020
    risk 0.36cvss 5.5epss 0.00

    A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The firmware update of affected devices contains the private RSA key that is used as a basis for encryption of communication with the device.

  • CVE-2020-25231MedDec 14, 2020
    risk 0.36cvss 5.5epss 0.00

    A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The encryption of program data for the affected devices uses a static key. An attacker could use this key to extract confidential…