CVE-2020-25234

EUVD-2020-17924

14.12.2020, 21:15

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The LOGO! program files generated and used by the affected components offer the possibility to save user-defined functions (UDF) in a password protected way. This protection is implemented in the software that displays the information. An attacker could reverse engineer the UDFs directly from stored program files.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.7 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 31%

Affected Products (NVD)

Vendor	Product	Version
siemens	logo\!_8_bm_firmware	𝑥 < 8.3

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-321 - Use of Hard-coded Cryptographic Key
The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

References

https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf