First published: Mon Dec 14 2020(Updated: )
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Due to the usage of an outdated cipher mode on port 10005/tcp, an attacker could extract the encryption key from a captured communication with the device.
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens Logo\! 8 Bm Firmware | <8.3 | |
Siemens Logo\! 8 Bm |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-25230 has been assigned a medium severity rating due to the risk of key extraction through insecure communication.
To fix CVE-2020-25230, update the LOGO! 8 BM firmware to version 8.3 or later.
CVE-2020-25230 affects all versions of LOGO! 8 BM firmware prior to version 8.3.
An attacker could exploit CVE-2020-25230 to extract the encryption key from captured communications occurring on port 10005/tcp.
There are no specific workarounds for CVE-2020-25230; updating to the latest firmware is the recommended solution.