CVE-2022-36360
https://notcve.org/view.php?id=CVE-2022-36360
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Affected devices load firmware updates without checking the authenticity. Furthermore the integrity of the unencrypted firmware is only verified by a non-cryptographic method. • https://cert-portal.siemens.com/productcert/pdf/ssa-928782.pdf • CWE-345: Insufficient Verification of Data Authenticity CWE-354: Improper Validation of Integrity Check Value •
CVE-2020-25234
https://notcve.org/view.php?id=CVE-2020-25234
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The LOGO! • https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf • CWE-321: Use of Hard-coded Cryptographic Key •
CVE-2020-25233
https://notcve.org/view.php?id=CVE-2020-25233
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The firmware update of affected devices contains the private RSA key that is used as a basis for encryption of communication with the device. Se ha identificado una vulnerabilidad en LOGO! • https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf • CWE-321: Use of Hard-coded Cryptographic Key •
CVE-2020-25232
https://notcve.org/view.php?id=CVE-2020-25232
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Due to the usage of an insecure random number generation function and a deprecated cryptographic function, an attacker could extract the key that is used when communicating with an affected device on port 8080/tcp. Se ha identificado una vulnerabilidad en LOGO! • https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2020-25235
https://notcve.org/view.php?id=CVE-2020-25235
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The password used for authentication for the LOGO! Website and the LOGO! • https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf • CWE-522: Insufficiently Protected Credentials •