CVE-2019-10921 - A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Une

CVE-2019-10921

Summary

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Unencrypted storage of passwords in the project could allow an attacker with access to port 10005/tcp to obtain passwords of the device. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 10005/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality of the device. At the time of advisory publication no public exploitation of this security vulnerability was known

References

Vulnerable Configurations

cpe:2.3:o:siemens:logo\!8_bm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:logo\!8_bm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:logo\!8_bm:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:logo\!8_bm:*:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 04-01-2022 - 18:11)
Impact:
Exploitability:

CWE

CWE-256

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	108382
bugtraq	20190529 [SYSS-2019-014]: Siemens LOGO! 8 - Storing Passwords in a Recoverable Format (CWE-257)
fulldisc	20190529 [SYSS-2019-014]: Siemens LOGO! 8 - Storing Passwords in a Recoverable Format (CWE-257)
misc	http://packetstormsecurity.com/files/153124/Siemens-LOGO-8-Recoverable-Password-Format.html https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf

Last major update

04-01-2022 - 18:11

Published

14-05-2019 - 20:29

Last modified

04-01-2022 - 18:11