Vulnerability in Siemens Logo! 8 Bm (Incl. Siplus Variants)

CVE-2019-10920

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Project data stored on the device, which is accessible via port 10005/tcp, can be decrypted due to a hardcoded encryption key. The security vu…

EPSS: 0.008 (73.8th percentile) — read the EPSS interpretation.

Affected products

Siemens Logo! 8 Bm (Incl. Siplus Variants) — versions All versions < V8.3

Weakness classification (CWE)

CWE-321 — Use of Hard-coded Cryptographic Key

References

108382 (vdb-entry, x_refsource_BID)
20190529 [SYSS-2019-012]: Siemens LOGO! 8 - Use of Hard-coded Cryptographic Key (CWE-321) (mailing-list, x_refsource_BUGTRAQ)
20190529 [SYSS-2019-012]: Siemens LOGO! 8 - Use of Hard-coded Cryptographic Key (CWE-321) (mailing-list, x_refsource_FULLDISC)
cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf (x_refsource_MISC)
packetstormsecurity.com/files/153122/Siemens-LOGO-8-Hard-Coded-Cryptographic-Ke… (x_refsource_MISC)