VDB

ICSA-24-228-05

ICSA-24-228-05 PUBLISHED CVSS 4.599999904632568 MEDIUM

LOGO! V8.3 BM (incl. SIPLUS variants) devices contain a plaintext storage of a password vulnerability. This could allow an attacker with phyiscal access to an affected device to extract user-set passwords from an embedded storage IC. Siemens has released new hardware versions with the LOGO! V8.4 BM and the SIPLUS LOGO! V8.4 BM product families for all affected devices in which the vulnerability is fixed. See the chapter "Additional Information" below for more details.

Risk Scores

CVSS v3.1
4.599999904632568
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

Affected Products

VendorProductVersions
SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1)
LOGO! 24RCE (6ED1052-1HB08-0BA1)
SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1)
LOGO! 24CEo (6ED1052-2CC08-0BA1)
LOGO! 12/24RCEo (6ED1052-2MD08-0BA1)
SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1)
SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1)
SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1)
SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1)
LOGO! 24RCEo (6ED1052-2HB08-0BA1)
LOGO! 12/24RCE (6ED1052-1MD08-0BA1)
SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1)
LOGO! 230RCEo (6ED1052-2FB08-0BA1)
LOGO! 230RCE (6ED1052-1FB08-0BA1)
LOGO! 24CE (6ED1052-1CC08-0BA1)
SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1)

Timeline

  • Aug 13, 2024 CVE Published
  • Oct 8, 2024 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›