CVE-2020-7593
published 2020-07-14CVE-2020-7593: A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (V1.81.01 - V1.81.03), LOGO! 8 BM (incl. SIPLUS variants) (V1.82.01), LOGO! 8 BM…
PriorityP264critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
9.07%
94.7th percentile
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (V1.81.01 - V1.81.03), LOGO! 8 BM (incl. SIPLUS variants) (V1.82.01), LOGO! 8 BM (incl. SIPLUS variants) (V1.82.02). A buffer overflow vulnerability exists in the Web Server functionality of the device. A remote unauthenticated attacker could send a specially crafted HTTP request to cause a memory corruption, potentially resulting in remote code execution.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | logo_!_8_bm_firmware | — | — |
| siemens | logo_!_8_bm_firmware | — | — |
| siemens | logo_!_8_bm_firmware | 1.81.01 – 1.81.03 | — |
| siemens_ag | logo!_8_bm | — | — |
| siemens_ag | logo!_8_bm | — | — |
| siemens_ag | logo!_8_bm | — | — |
Detection & IOCsextracted from sources · hover to see the quote
snort↗
Snort Rules: 53441 - 53445, 53484
- →Exploit vector is a specially crafted unauthenticated HTTP request to the LOGO! 8 BM web server; detect anomalous/oversized HTTP requests targeting the device's web server interface. ↗
- →No authentication is required to trigger the vulnerability; any unauthenticated HTTP request causing memory corruption to the LOGO! web server should be treated as suspicious. ↗
- →CVSS vector indicates network-accessible, no privileges required, no user interaction — prioritize perimeter detection for inbound HTTP to LOGO! 8 BM devices. ↗
- ·Snort rules for this CVE are subject to change; always pull the latest rule definitions from Firepower Management Center or Snort.org rather than relying on static rule numbers. ↗
- ·No known public exploits specifically target this vulnerability at time of advisory publication — detection should focus on anomaly-based HTTP inspection rather than signature-matching known exploit payloads. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-x26m-wcf2-85xw: A vulnerability has been identified in LOGO! 8 BM (incl
ghsa_unreviewed·2022-05-24
CVE-2020-7593 [HIGH] GHSA-x26m-wcf2-85xw: A vulnerability has been identified in LOGO! 8 BM (incl
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (V1.81.01 - V1.81.03), LOGO! 8 BM (incl. SIPLUS variants) (V1.82.01), LOGO! 8 BM (incl. SIPLUS variants) (V1.82.02). A buffer overflow vulnerability exists in the Web Server functionality of the device. A remote unauthenticated attacker could send a specially crafted HTTP request to cause a memory corruption, potentially resulting in remote code execution.
CISA ICS
Siemens LOGO! Web Server
cisa_ics·2020-07-14·CVSS 9.8
[CRITICAL] Siemens LOGO! Web Server
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens LOGO! Web Server
Last RevisedJuly 14, 2020
Alert CodeICSA-20-196-08
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Siemens
- Equipment: LOGO! Web Server
- Vulnerability: Classic Buffer Overflow
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow remote code execution.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of LOGO! Web Server are affected:
- LOGO! 8 BM (incl. SIPLUS variants):
- Versions between 1.81.01 and 1.81.03
- Version 1.82.01
- Ve
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Multiple vulnerabilities in Siemens LOGO! PLC
blogs_talos·2020-06-09·CVSS 9.1
CVE-2020-7593 [CRITICAL] Vulnerability Spotlight: Multiple vulnerabilities in Siemens LOGO! PLC
Alexander Perez-Palma of Cisco Talos and Emanuel Almeida of Cisco Systems discovered these vulnerabilities. Blog by Jon Munshaw.
Update (July 15, 2020): Siemens patched another vulnerability that affects the LOGO! PLC's web server. CVE-2020-7593 could allow an adversary to execute remote code on the victim machine and was assigned a severity score of 10 out of 10.
Cisco researchers recently discovered several vulnerabilities in the Siemens LOGO! PLC. The LOGO! allows users to control various automation projects, such as industrial control systems and other commercial and home settings. The product contains several vulnerabilities that an adversary could use to carry out a variety of malicious activities.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Sieme
Talos
Vulnerability Spotlight: Multiple vulnerabilities in Siemens LOGO! PLC
blogs_talos·2020-06-09·CVSS 9.1
CVE-2020-7593 [CRITICAL] Vulnerability Spotlight: Multiple vulnerabilities in Siemens LOGO! PLC
## Vulnerability Spotlight: Multiple vulnerabilities in Siemens LOGO! PLC
Alexander Perez-Palma of Cisco Talos and Emanuel Almeida of Cisco Systems discovered these vulnerabilities. Blog by Jon Munshaw.
Update (July 15, 2020): Siemens patched another vulnerability that affects the LOGO! PLC's web server. CVE-2020-7593 could allow an adversary to execute remote code on the victim machine and was assigned a severity score of 10 out of 10.
Cisco researchers recently discovered several vulnerabilities in the Siemens LOGO! PLC. The LOGO! allows users to control various automation projects, such as industrial control systems and other commercial and home settings. The product contains several vulnerabilities that an adversary could use to carry out a variety of malicious activities.
In accor
2020-07-14
Published