cbcvebase.
CVE-2019-10919
published 2019-05-14

CVE-2019-10919: A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Attackers with access to port 10005/tcp could perform device…

PriorityP266critical9.4CVSS 3.1
AVNACLPRNUINSUCHIHAL
EPSS
2.75%
84.3th percentile
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Attackers with access to port 10005/tcp could perform device reconfigurations and obtain project files from the devices. The system manual recommends to protect access to this port. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 10005/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.

Affected

2 ranges
VendorProductVersion rangeFixed in
siemenslogo!_8_bm
siemenslogo_!8_bm_firmware< 8.38.3

Detection & IOCsextracted from sources · hover to see the quote

port10005/tcp
  • Monitor and alert on any unauthenticated connections to port 10005/TCP on LOGO! 8 BM devices, as this port exposes device reconfiguration and project file retrieval without authentication.
  • No user interaction is required; any inbound network session to port 10005/TCP from an unauthenticated source should be treated as a high-severity alert on LOGO! 8 BM PLCs.
  • Related CVE-2019-10920: project data accessible via port 10005/TCP can be decrypted due to a hardcoded encryption key — treat any exfiltrated project files from this port as fully compromised.
  • Related CVE-2019-10921: passwords stored in plaintext within project files are retrievable via port 10005/TCP — credential compromise should be assumed if port was exposed.
  • ·The system manual explicitly recommends protecting access to port 10005/TCP; exposure of this port to untrusted networks is a misconfiguration that enables exploitation.
  • ·Remediation requires new hardware — upgrading to LOGO! 8 BM v8.3 is not a software-only update; operators must account for hardware replacement in their patching plans.

CVSS provenance

nvdv3.19.4CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.