Vulnerabilities > CVE-2020-25234 - Use of Hard-coded Cryptographic Key vulnerability in Siemens Logo! 8 BM Firmware

CVSS 7.7 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

local

low complexity

siemens

CWE-321

NVD

Published: 2020-12-14

Updated: 2020-12-16

Summary

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The LOGO! program files generated and used by the affected components offer the possibility to save user-defined functions (UDF) in a password protected way. This protection is implemented in the software that displays the information. An attacker could reverse engineer the UDFs directly from stored program files.

Vulnerable Configurations

Part	Description	Count
OS	Siemens Siemens Logo! 8 BM Firmware - Siemens Logo! 8 BM Firmware 1.81.01 Siemens Logo! 8 BM Firmware 1.81.03 Siemens Logo! 8 BM Firmware 1.81.04 Siemens Logo! 8 BM Firmware 1.82.01 Siemens Logo! 8 BM Firmware 1.82.02 Siemens Logo! 8 BM Firmware 1.82.03 Siemens Logo! 8 BM Firmware 1.82.04	8
Hardware	Siemens Siemens Logo! 8 BM -	1

Common Weakness Enumeration (CWE)

CWE-321 - Use of Hard-coded Cryptographic Key

References

https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf