CVE-2020-25228
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). A service available on port 10005/tcp of the affected devices could allow complete access to all services without authorization. An attacker could gain full control over an affected device, if he has access to this service. The system manual recommends to protect access to this port.
Se ha identificado una vulnerabilidad en LOGO! 8 BM (incluyendo variantes SIPLUS) (Todas las versiones anteriores a V8.3). Un servicio disponible en el puerto 10005/tcp de los dispositivos afectados podría permitir el acceso completo a todos los servicios sin autorización. Un atacante podría obtener el control total sobre un dispositivo afectado, si tiene acceso a este servicio. El manual del sistema recomienda proteger el acceso a este puerto
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-09-10 CVE Reserved
- 2020-12-14 CVE Published
- 2023-08-30 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-306: Missing Authentication for Critical Function
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf | 2020-12-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Siemens Search vendor "Siemens" | Logo\! 8 Bm Firmware Search vendor "Siemens" for product "Logo\! 8 Bm Firmware" | < 8.3 Search vendor "Siemens" for product "Logo\! 8 Bm Firmware" and version " < 8.3" | - |
Affected
| in | Siemens Search vendor "Siemens" | Logo\! 8 Bm Search vendor "Siemens" for product "Logo\! 8 Bm" | - | - |
Safe
|