Logo\! Soft Comfort
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-25244 | Hig | 0.55 | 8.4 | 0.00 | Apr 22, 2021 | A vulnerability has been identified in LOGO! Soft Comfort (All versions < V8.4). The software insecurely loads libraries which makes it vulnerable to DLL hijacking. Successful exploitation by a local attacker could lead to a takeover of the system where the software is installed. | ||
| CVE-2019-10924 | Hig | 0.51 | 7.8 | 0.01 | May 14, 2019 | A vulnerability has been identified in LOGO! Soft Comfort (All versions < V8.3). The vulnerability could allow an attacker to execute arbitrary code if the attacker tricks a legitimate user to open a manipulated project. In order to exploit the vulnerability, a valid user must… | ||
| CVE-2020-25234 | Hig | 0.50 | 7.7 | 0.00 | Dec 14, 2020 | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The LOGO! program files generated and used by the affected components offer the possibility to save user-defined functions (UDF) in a… | ||
| CVE-2017-12740 | Med | 0.38 | 5.9 | 0.01 | Dec 26, 2017 | Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. This could allow a remote attacker to manipulate the software package while performing a Man-in-the-Middle (MitM) attack. | ||
| CVE-2020-25231 | Med | 0.36 | 5.5 | 0.00 | Dec 14, 2020 | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The encryption of program data for the affected devices uses a static key. An attacker could use this key to extract confidential… | ||
| CVE-2020-25243 | Med | 0.33 | 5.1 | 0.00 | Apr 22, 2021 | A vulnerability has been identified in LOGO! Soft Comfort (All versions < V8.4). A zip slip vulnerability could be triggered while importing a compromised project file to the affected software. Chained with other vulnerabilities this vulnerability could ultimately lead to a… |
- risk 0.55cvss 8.4epss 0.00
A vulnerability has been identified in LOGO! Soft Comfort (All versions < V8.4). The software insecurely loads libraries which makes it vulnerable to DLL hijacking. Successful exploitation by a local attacker could lead to a takeover of the system where the software is installed.
- risk 0.51cvss 7.8epss 0.01
A vulnerability has been identified in LOGO! Soft Comfort (All versions < V8.3). The vulnerability could allow an attacker to execute arbitrary code if the attacker tricks a legitimate user to open a manipulated project. In order to exploit the vulnerability, a valid user must…
- risk 0.50cvss 7.7epss 0.00
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The LOGO! program files generated and used by the affected components offer the possibility to save user-defined functions (UDF) in a…
- risk 0.38cvss 5.9epss 0.01
Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. This could allow a remote attacker to manipulate the software package while performing a Man-in-the-Middle (MitM) attack.
- risk 0.36cvss 5.5epss 0.00
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The encryption of program data for the affected devices uses a static key. An attacker could use this key to extract confidential…
- risk 0.33cvss 5.1epss 0.00
A vulnerability has been identified in LOGO! Soft Comfort (All versions < V8.4). A zip slip vulnerability could be triggered while importing a compromised project file to the affected software. Chained with other vulnerabilities this vulnerability could ultimately lead to a…