CVE-2019-10921 – Siemens LOGO! 8 Recoverable Password Format
https://notcve.org/view.php?id=CVE-2019-10921
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Unencrypted storage of passwords in the project could allow an attacker with access to port 10005/tcp to obtain passwords of the device. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 10005/tcp. • http://packetstormsecurity.com/files/153124/Siemens-LOGO-8-Recoverable-Password-Format.html http://seclists.org/fulldisclosure/2019/May/49 http://www.securityfocus.com/bid/108382 https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf https://seclists.org/bugtraq/2019/May/74 • CWE-256: Plaintext Storage of a Password CWE-522: Insufficiently Protected Credentials •
CVE-2019-10919 – Siemens LOGO! 8 Missing Authentication
https://notcve.org/view.php?id=CVE-2019-10919
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Attackers with access to port 10005/tcp could perform device reconfigurations and obtain project files from the devices. The system manual recommends to protect access to this port. • http://packetstormsecurity.com/files/153123/Siemens-LOGO-8-Missing-Authentication.html http://seclists.org/fulldisclosure/2019/May/45 http://www.securityfocus.com/bid/108382 https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf https://seclists.org/bugtraq/2019/May/73 • CWE-306: Missing Authentication for Critical Function •
CVE-2019-10920 – Siemens LOGO! 8 Hard-Coded Cryptographic Key
https://notcve.org/view.php?id=CVE-2019-10920
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Project data stored on the device, which is accessible via port 10005/tcp, can be decrypted due to a hardcoded encryption key. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 10005/tcp. • http://packetstormsecurity.com/files/153122/Siemens-LOGO-8-Hard-Coded-Cryptographic-Key.html http://seclists.org/fulldisclosure/2019/May/44 http://www.securityfocus.com/bid/108382 https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf https://seclists.org/bugtraq/2019/May/72 • CWE-321: Use of Hard-coded Cryptographic Key CWE-798: Use of Hard-coded Credentials •