Vulnerability in Siemens Logo! 8 Bm (Incl. Siplus Variants)

CVE-2019-10921

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Unencrypted storage of passwords in the project could allow an attacker with access to port 10005/tcp to obtain passwords of the device. The s…

EPSS: 0.006 (71.2th percentile) — read the EPSS interpretation.

Affected products

Siemens Logo! 8 Bm (Incl. Siplus Variants) — versions All versions < V8.3

Weakness classification (CWE)

CWE-256 — Plaintext Storage of a Password

References

108382 (vdb-entry, x_refsource_BID)
20190529 [SYSS-2019-014]: Siemens LOGO! 8 - Storing Passwords in a Recoverable Format (CWE-257) (mailing-list, x_refsource_BUGTRAQ)
20190529 [SYSS-2019-014]: Siemens LOGO! 8 - Storing Passwords in a Recoverable Format (CWE-257) (mailing-list, x_refsource_FULLDISC)
cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf (x_refsource_MISC)
packetstormsecurity.com/files/153124/Siemens-LOGO-8-Recoverable-Password-Format… (x_refsource_MISC)