A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The implemented encryption for…
siemens·CWE-321·Published 2020-12-14
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The implemented encryption for communication with affected devices is prone to replay attacks due to the usage of a static key. An attacker could change the password or change the configuration on any affected device if using prepared messages that were generated for another device.
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The implemented encryption for communication with affected devices is prone to replay attacks due to the usage of a static key. An attacker could change the password or change the configuration on any affected device if using prepared messages that were generated for another device.
Se ha identificado una vulnerabilidad en LOGO! 8 BM (incluyendo variantes SIPLUS) (Todas las versiones anteriores a V8.3). El cifrado implementado para la comunicación con los dispositivos afectados es propenso a reproducir ataques debido al uso de una clave estática. Un atacante podría cambiar la contraseña o cambiar la configuración en cualquier dispositivo afectado si usa mensajes preparados que se generaron para otro dispositivo
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 5.0 | 10.0 | 2.9 | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| 3.1 | Primary | NVD | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |