Deserialization in Siemens Logo! Soft Comfort

CVE-2019-10924

A vulnerability has been identified in LOGO! Soft Comfort (All versions < V8.3). The vulnerability could allow an attacker to execute arbitrary code if the attacker tricks a legitimate user to open a manipulated project. In order to exploi…

Vulnerability class: Insecure Deserialization

EPSS: 0.004 (59.4th percentile) — read the EPSS interpretation.

Affected products

Siemens Logo! Soft Comfort — versions All versions < V8.3

Weakness classification (CWE)

CWE-502 — Deserialization of Untrusted Data

References

108368 (vdb-entry, x_refsource_BID)
cert-portal.siemens.com/productcert/pdf/ssa-102144.pdf (x_refsource_MISC)