CVE-2020-25231
EUVD-2020-1792114.12.2020, 21:15
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The encryption of program data for the affected devices uses a static key. An attacker could use this key to extract confidential information from protected program files.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| siemens | logo\!_8_bm_firmware | 𝑥 < 8.3 |
| siemens | logo\!_soft_comfort | 𝑥 < 8.3 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-321 - Use of Hard-coded Cryptographic KeyThe use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.
- CWE-798 - Use of Hard-coded CredentialsThe software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.