3 results (0.020 seconds)

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Unencrypted storage of passwords in the project could allow an attacker with access to port 10005/tcp to obtain passwords of the device. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 10005/tcp. • http://packetstormsecurity.com/files/153124/Siemens-LOGO-8-Recoverable-Password-Format.html http://seclists.org/fulldisclosure/2019/May/49 http://www.securityfocus.com/bid/108382 https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf https://seclists.org/bugtraq/2019/May/74 • CWE-256: Plaintext Storage of a Password CWE-522: Insufficiently Protected Credentials •

CVSS: 9.4EPSS: 0%CPEs: 2EXPL: 3

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Attackers with access to port 10005/tcp could perform device reconfigurations and obtain project files from the devices. The system manual recommends to protect access to this port. • http://packetstormsecurity.com/files/153123/Siemens-LOGO-8-Missing-Authentication.html http://seclists.org/fulldisclosure/2019/May/45 http://www.securityfocus.com/bid/108382 https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf https://seclists.org/bugtraq/2019/May/73 • CWE-306: Missing Authentication for Critical Function •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Project data stored on the device, which is accessible via port 10005/tcp, can be decrypted due to a hardcoded encryption key. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 10005/tcp. • http://packetstormsecurity.com/files/153122/Siemens-LOGO-8-Hard-Coded-Cryptographic-Key.html http://seclists.org/fulldisclosure/2019/May/44 http://www.securityfocus.com/bid/108382 https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf https://seclists.org/bugtraq/2019/May/72 • CWE-321: Use of Hard-coded Cryptographic Key CWE-798: Use of Hard-coded Credentials •