CVE-2020-25228

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). A service available on port 10005/tcp of the affected devices could allow complete access to all services without authorization. An attacker could gain full control over an affected device, if he has access to this service. The system manual recommends to protect access to this port.

Published: Dec 14, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-25228
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-306

Affected Software
References

Software	From	Fixed in
siemens / logo!_8_bm_firmware	-	8.3

https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf

Vulnerability Database

289,599

CVE-2020-25228