Auth bypass in Siemens Logo! 8 Bm (Incl. Siplus Variants)

CVE-2020-7589

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). The vulnerability could lead to an attacker reading and modifying the device configuration and obtain project files from affected devices. The securi…

Vulnerability class: Broken Authentication

EPSS: 0.005 (65.1th percentile) — read the EPSS interpretation.

Affected products

Siemens Logo! 8 Bm (Incl. Siplus Variants) — versions All versions

Weakness classification (CWE)

CWE-306 — Missing Authentication for Critical Function

References

cert-portal.siemens.com/productcert/pdf/ssa-817401.pdf (x_refsource_MISC)
www.us-cert.gov/ics/advisories/icsa-20-161-03 (x_refsource_MISC)