LOGO owners on alert
Siemens has plugged a man-in-the-middle vulnerability in its LOGO!8 BM FS-05 industrial automation hardware – but a second remains unpatched. The vulnerabilities were turned up by German researcher Maxim Rupp. According to Siemens' advisory, CVE-2017-12734 can be exploited by an attacker to sniff the session ID from an active user session. If the devices' admin web server is visible from the internet and a user is logged in, that would allow a remote attacker to hijack the admin session. The e...