CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-25233
https://notcve.org/view.php?id=CVE-2020-25233
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The firmware update of affected devices contains the private RSA key that is used as a basis for encryption of communication with the device. Se ha identificado una vulnerabilidad en LOGO! • https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf • CWE-321: Use of Hard-coded Cryptographic Key •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-25232
https://notcve.org/view.php?id=CVE-2020-25232
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Due to the usage of an insecure random number generation function and a deprecated cryptographic function, an attacker could extract the key that is used when communicating with an affected device on port 8080/tcp. Se ha identificado una vulnerabilidad en LOGO! • https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-25235
https://notcve.org/view.php?id=CVE-2020-25235
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The password used for authentication for the LOGO! Website and the LOGO! • https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-25229
https://notcve.org/view.php?id=CVE-2020-25229
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The implemented encryption for communication with affected devices is prone to replay attacks due to the usage of a static key. An attacker could change the password or change the configuration on any affected device if using prepared messages that were generated for another device. • https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf • CWE-321: Use of Hard-coded Cryptographic Key CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-25230
https://notcve.org/view.php?id=CVE-2020-25230
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Due to the usage of an outdated cipher mode on port 10005/tcp, an attacker could extract the encryption key from a captured communication with the device. Se ha identificado una vulnerabilidad en LOGO! • https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •