Security News > 2020 > June > Critical Vulnerabilities Expose Siemens LOGO! Controllers to Attacks
Siemens' LOGO! programmable logic controllers are affected by critical vulnerabilities that can be exploited remotely to launch denial-of-service attacks and modify the device's configuration.
According to Siemens, the vulnerabilities impact all versions of its LOGO!8 BM devices, which are designed for basic control tasks.
Siemens says an unauthenticated attacker who has network access to TCP port 135 can exploit the vulnerabilities to read and modify a device's configuration and obtain project files, without user interaction.
While the advisories published this week by Siemens and CISA mention a single vulnerability, Cisco's Talos threat intelligence and research group, which the vendor has credited for the findings, says there are actually three missing authentication flaws tracked under the same CVE identifier, CVE-2020-7589.
According to advisories published by Talos, all three vulnerabilities are related to the TDE text display functionality of LOGO! products, and they can all be exploited by sending specially crafted packets to the targeted system.
News URL
Related news
- Ivanti warns of another critical CSA flaw exploited in attacks (source)
- Israel’s Pager Attacks and Supply Chain Vulnerabilities (source)
- Critical Ivanti vTM auth bypass bug now exploited in attacks (source)
- Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks (source)
- Researchers Warn of Ongoing Attacks Exploiting Critical Zimbra Postjournal Flaw (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- CUPS vulnerabilities could be abused for DDoS attacks (source)
- Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited (source)
- CISA says critical Fortinet RCE flaw now exploited in attacks (source)
- Fortinet warns of new critical FortiManager flaw used in zero-day attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-10 | CVE-2020-7589 | Missing Authentication for Critical Function vulnerability in Siemens Logo! 8 BM Firmware A vulnerability has been identified in LOGO! 8 BM (incl. | 6.4 |