CVE-2020-25229

Summary

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The implemented encryption for communication with affected devices is prone to replay attacks due to the usage of a static key. An attacker could change the password or change the configuration on any affected device if using prepared messages that were generated for another device.

Affected Software

VendorProductVersion RangeStatus
SiemensLOGO! 8 BM (incl. SIPLUS variants)All versions < V8.3affected

Weaknesses

  • CWE-321: CWE-321: Use of Hard-coded Cryptographic Key

ADP Enrichment

CVE Program Container

Additional References

References