Vulnerabilities > CVE-2020-25233 - Use of Hard-coded Cryptographic Key vulnerability in Siemens Logo! 8 BM Firmware

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

siemens

CWE-321

NVD

Published: 2020-12-14

Updated: 2020-12-16

Summary

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The firmware update of affected devices contains the private RSA key that is used as a basis for encryption of communication with the device.

Vulnerable Configurations

Part	Description	Count
OS	Siemens Siemens Logo! 8 BM Firmware - Siemens Logo! 8 BM Firmware 1.81.01 Siemens Logo! 8 BM Firmware 1.81.03 Siemens Logo! 8 BM Firmware 1.81.04 Siemens Logo! 8 BM Firmware 1.82.01 Siemens Logo! 8 BM Firmware 1.82.02 Siemens Logo! 8 BM Firmware 1.82.03 Siemens Logo! 8 BM Firmware 1.82.04	8
Hardware	Siemens Siemens Logo! 8 BM -	1

Common Weakness Enumeration (CWE)

CWE-321 - Use of Hard-coded Cryptographic Key

References

https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf