CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3CVE-2019-10921 – Siemens LOGO! 8 Recoverable Password Format
https://notcve.org/view.php?id=CVE-2019-10921
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Unencrypted storage of passwords in the project could allow an attacker with access to port 10005/tcp to obtain passwords of the device. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 10005/tcp. • http://packetstormsecurity.com/files/153124/Siemens-LOGO-8-Recoverable-Password-Format.html http://seclists.org/fulldisclosure/2019/May/49 http://www.securityfocus.com/bid/108382 https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf https://seclists.org/bugtraq/2019/May/74 • CWE-256: Plaintext Storage of a Password CWE-522: Insufficiently Protected Credentials •
CVSS: 9.4EPSS: 0%CPEs: 2EXPL: 3CVE-2019-10919 – Siemens LOGO! 8 Missing Authentication
https://notcve.org/view.php?id=CVE-2019-10919
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Attackers with access to port 10005/tcp could perform device reconfigurations and obtain project files from the devices. The system manual recommends to protect access to this port. • http://packetstormsecurity.com/files/153123/Siemens-LOGO-8-Missing-Authentication.html http://seclists.org/fulldisclosure/2019/May/45 http://www.securityfocus.com/bid/108382 https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf https://seclists.org/bugtraq/2019/May/73 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-10920 – Siemens LOGO! 8 Hard-Coded Cryptographic Key
https://notcve.org/view.php?id=CVE-2019-10920
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Project data stored on the device, which is accessible via port 10005/tcp, can be decrypted due to a hardcoded encryption key. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 10005/tcp. • http://packetstormsecurity.com/files/153122/Siemens-LOGO-8-Hard-Coded-Cryptographic-Key.html http://seclists.org/fulldisclosure/2019/May/44 http://www.securityfocus.com/bid/108382 https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf https://seclists.org/bugtraq/2019/May/72 • CWE-321: Use of Hard-coded Cryptographic Key CWE-798: Use of Hard-coded Credentials •
CVSS: 7.4EPSS: 0%CPEs: 5EXPL: 0CVE-2017-12735
https://notcve.org/view.php?id=CVE-2017-12735
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). An attacker who performs a Man-in-the-Middle attack between the LOGO! BM and other devices could potentially decrypt and modify network traffic. • http://www.securityfocus.com/bid/100561 https://cert-portal.siemens.com/productcert/pdf/ssa-087240.pdf • CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-12734
https://notcve.org/view.php?id=CVE-2017-12734
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V1.81.2). An attacker with network access to the integrated web server on port 80/tcp could obtain the session ID of an active user session. A user must be logged in to the web interface. • http://www.securityfocus.com/bid/100560 https://cert-portal.siemens.com/productcert/pdf/ssa-087240.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-895: SFP Primary Cluster: Information Leak •