CVE-2020-7589
Published: 2020-06-10
CVE-2020-7589: A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). The vulnerability could lead to an attacker reading and modifying the…
Priority: P266 · critical · 9.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 1.99% (78.2th percentile)
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). The vulnerability could lead to an attacker reading and modifying the device configuration and obtaining project files from affected devices. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 135/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | logo!_8_bm | — | — |
Detection & IOCs (extracted from sources)
Snort rules: 53441 - 53445, 53484
- Monitor for unauthenticated network packets targeting TCP port 135 on Siemens LOGO! 8 BM devices; exploitation requires no user interaction and no credentials.
- Detect specially crafted TDE service 'NFSAccess' delete requests that attempt to delete critical system data on the device.
- Detect specially crafted TDE service 'DELETEPROG' requests that erase program information on the device.
- Detect sequences of malicious packets to the TDE service 'NFSAccess' upload function that write or overwrite files to the local SD card.
- Starting with LOGO! 8 BM Version 8.3, TCP port 135 can be disabled; confirm whether the port is enabled or disabled in your deployment before tuning detection rules.
- Snort rules 53441–53445 and 53484 are subject to change; always pull the latest rule versions from Firepower Management Center or Snort.org before deploying.
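CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
| nvd | v2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N |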
GHSA
GHSA-ppw3-jw8r-c26q: A vulnerability has been identified in LOGO!8 BM (incl
ghsa_unreviewed·2022-05-24
CVE-2020-7589 [MEDIUM] CWE-306 GHSA-ppw3-jw8r-c26q: A vulnerability has been identified in LOGO!8 BM (incl
A vulnerability has been identified in LOGO!8 BM (incl. SIPLUS variants) (All versions). The vulnerability could lead to an attacker reading and modifying the device configuration and obtaining project files from affected devices. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 135/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.
CISA ICS
Siemens LOGO! (Update A)
cisa_ics·2020-06-09·CVSS 9.1
[CRITICAL] Siemens LOGO! (Update A)
ICS Advisory
## Siemens LOGO! (Update A)
Last Revised: December 08, 2020
Alert Code: ICSA-20-161-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.4
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Siemens
- Equipment: LOGO!
- Vulnerability: Missing Authentication for Critical Function
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-20-161-03 Siemens LOGO! that was published June 9, 2020, to the ICS webpage on us-cert.gov.
## 3. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to read and modif
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Multiple vulnerabilities in Siemens LOGO! PLC
blogs_talos·2020-06-09·CVSS 9.1
CVE-2020-7593 [CRITICAL] Vulnerability Spotlight: Multiple vulnerabilities in Siemens LOGO! PLC
Alexander Perez-Palma of Cisco Talos and Emanuel Almeida of Cisco Systems discovered these vulnerabilities. Blog by Jon Munshaw.
Update (July 15, 2020): Siemens patched another vulnerability that affects the LOGO! PLC's web server. CVE-2020-7593 could allow an adversary to execute remote code on the victim machine and was assigned a severity score of 10 out of 10.
Cisco researchers recently discovered several vulnerabilities in the Siemens LOGO! PLC. The LOGO! allows users to control various automation projects, such as industrial control systems and other commercial and home settings. The product contains several vulnerabilities that an adversary could use to carry out a variety of malicious activities.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Sieme
Published: 2020-06-10