CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-25229
https://notcve.org/view.php?id=CVE-2020-25229
14 Dec 2020 — A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The implemented encryption for communication with affected devices is prone to replay attacks due to the usage of a static key. An attacker could change the password or change the configuration on any affected device if using prepared messages that were generated for another device. • https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf • CWE-321: Use of Hard-coded Cryptographic Key CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-25230
https://notcve.org/view.php?id=CVE-2020-25230
14 Dec 2020 — A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Due to the usage of an outdated cipher mode on port 10005/tcp, an attacker could extract the encryption key from a captured communication with the device. Se ha identificado una vulnerabilidad en LOGO! • https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-25231
https://notcve.org/view.php?id=CVE-2020-25231
14 Dec 2020 — A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The encryption of program data for the affected devices uses a static key. • https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf • CWE-321: Use of Hard-coded Cryptographic Key CWE-798: Use of Hard-coded Credentials •
CVSS: 9.8EPSS: 42%CPEs: 4EXPL: 1CVE-2020-7593
https://notcve.org/view.php?id=CVE-2020-7593
14 Jul 2020 — A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (V1.81.01 - V1.81.03), LOGO! 8 BM (incl. SIPLUS variants) (V1.82.01), LOGO! • https://cert-portal.siemens.com/productcert/pdf/ssa-573753.pdf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-7589
https://notcve.org/view.php?id=CVE-2020-7589
10 Jun 2020 — A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). The vulnerability could lead to an attacker reading and modifying the device configuration and obtain project files from affected devices. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 135/tcp. • https://cert-portal.siemens.com/productcert/pdf/ssa-817401.pdf • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.4EPSS: 0%CPEs: 2EXPL: 4CVE-2019-10919 – Siemens LOGO! 8 Missing Authentication
https://notcve.org/view.php?id=CVE-2019-10919
14 May 2019 — A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Attackers with access to port 10005/tcp could perform device reconfigurations and obtain project files from the devices. The system manual recommends to protect access to this port. • https://packetstorm.news/files/id/153123 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 1CVE-2019-10920 – Siemens LOGO! 8 Hard-Coded Cryptographic Key
https://notcve.org/view.php?id=CVE-2019-10920
14 May 2019 — A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Project data stored on the device, which is accessible via port 10005/tcp, can be decrypted due to a hardcoded encryption key. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 10005/tcp. • https://packetstorm.news/files/id/153122 • CWE-321: Use of Hard-coded Cryptographic Key CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 4CVE-2019-10921 – Siemens LOGO! 8 Recoverable Password Format
https://notcve.org/view.php?id=CVE-2019-10921
14 May 2019 — A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Unencrypted storage of passwords in the project could allow an attacker with access to port 10005/tcp to obtain passwords of the device. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 10005/tcp. • https://packetstorm.news/files/id/153124 • CWE-256: Plaintext Storage of a Password CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-12734
https://notcve.org/view.php?id=CVE-2017-12734
30 Aug 2017 — A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V1.81.2). An attacker with network access to the integrated web server on port 80/tcp could obtain the session ID of an active user session. A user must be logged in to the web interface. • http://www.securityfocus.com/bid/100560 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-895: SFP Primary Cluster: Information Leak •
CVSS: 7.4EPSS: 0%CPEs: 5EXPL: 0CVE-2017-12735
https://notcve.org/view.php?id=CVE-2017-12735
30 Aug 2017 — A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). An attacker who performs a Man-in-the-Middle attack between the LOGO! BM and other devices could potentially decrypt and modify network traffic. • http://www.securityfocus.com/bid/100561 • CWE-300: Channel Accessible by Non-Endpoint •