CVE-2017-12740
26.12.2017, 04:29
Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. This could allow a remote attacker to manipulate the software package while performing a Man-in-the-Middle (MitM) attack.Enginsight
| Vendor | Product | Version |
|---|---|---|
| siemens | logo\!_soft_comfort | 𝑥 < 8.2 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-494 - Download of Code Without Integrity CheckThe product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.
- CWE-345 - Insufficient Verification of Data AuthenticityThe software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.