CVE-2020-25232

Summary

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Due to the usage of an insecure random number generation function and a deprecated cryptographic function, an attacker could extract the key that is used when communicating with an affected device on port 8080/tcp.

Affected Software

VendorProductVersion RangeStatus
SiemensLOGO! 8 BM (incl. SIPLUS variants)All versions < V8.3affected

Weaknesses

  • CWE-327: CWE-327: Use of a Broken or Risky Cryptographic Algorithm

ADP Enrichment

CVE Program Container

Additional References

References