cbcvebase.
CVE-2020-7589
published 2020-06-10

CVE-2020-7589: A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). The vulnerability could lead to an attacker reading and modifying the…

PriorityP266critical9.1CVSS 3.1
AVNACLPRNUINSUCHIHAN
EPSS
1.99%
78.2th percentile
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). The vulnerability could lead to an attacker reading and modifying the device configuration and obtain project files from affected devices. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 135/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.

Affected

1 ranges
VendorProductVersion rangeFixed in
siemenslogo!_8_bm

Detection & IOCsextracted from sources · hover to see the quote

port135/tcp
snort
53441 - 53445, 53484
  • Monitor for unauthenticated network packets targeting TCP port 135 on Siemens LOGO! 8 BM devices; exploitation requires no user interaction and no credentials.
  • Detect specially crafted TDE service 'NFSAccess' delete requests that attempt to delete critical system data on the device.
  • Detect specially crafted TDE service 'DELETEPROG' requests that erase program information on the device.
  • Detect sequences of malicious packets to the TDE service 'NFSAccess' upload function that write or overwrite files to the local SD card.
  • ·Starting with LOGO! 8 BM Version 8.3, TCP port 135 can be disabled — confirm whether the port is enabled or disabled in your deployment before tuning detection rules.
  • ·Snort rules 53441–53445 and 53484 are subject to change; always pull the latest rule versions from Firepower Management Center or Snort.org before deploying.

CVSS provenance

nvdv3.19.1CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvdv2.06.4MEDIUMAV:N/AC:L/Au:N/C:P/I:P/A:N
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.