Published: 30/08/2017 Updated: 23/12/2020

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.4 | Impact Score: 5.2 | Exploitability Score: 2.2

VMScore: 516

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). An attacker who performs a Man-in-the-Middle attack between the LOGO! BM and other devices could potentially decrypt and modify network traffic.

Vulnerable Product	Search on Vulmon	Subscribe to Product
siemens logo\\!_8_bm_firmware

Siemens patches one security vuln, leaves folks to block second

The Register • Richard Chirgwin • 31 Aug 2017

LOGO owners on alert

Siemens has plugged a man-in-the-middle vulnerability in its LOGO!8 BM FS-05 industrial automation hardware – but a second remains unpatched. The vulnerabilities were turned up by German researcher Maxim Rupp. According to Siemens' advisory, CVE-2017-12734 can be exploited by an attacker to sniff the session ID from an active user session. If the devices' admin web server is visible from the internet and a user is logged in, that would allow a remote attacker to hijack the admin session. The e...

CVE-2017-12735

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect