ICSA-17-353-04  ·  Published 2017-12-19

Siemens LOGO! Soft Comfort

CVSS 5.9 MEDIUM

Risk Summary

ATTENTION: Remotely exploitable.

CVEs (1)

Remediations

  • Siemens removed the Update Center from LOGO! Soft Comfort V8.2 and provides SHA-256 checksums for all LOGO! Soft Comfort software packages via a secured HTTPS channel. Siemens recommends verifying legitimacy by comparing the SHA-256 checksum of the downloaded software package with the SHA-256 checksum provided for the software package. Software version 8.2 for LOGO! Soft Comfort and SHA-256 checksums for LOGO! Soft Comfort downloads can be obtained via:
    https://www.siemens.com/logo-update
  • As a general security measure, Siemens strongly recommends protecting network access to the devices with appropriate mechanisms. Siemens advises configuring the environment according to Siemens operational guidelines in order to run the devices in a protected IT environment:
    https://www.siemens.com/cert/operational-guidelines-industrial-security
  • For more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security Advisory SSA-888929 at the following location:
    http://www.siemens.com/cert/en/cert-security-advisories.htm
  • In addition, ICS-CERT recommends that users take the following measures to protect themselves from social engineering attacks:
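
The SHA-256 comparison that Siemens recommends in the first remediation item can be scripted so that a mismatch or a malformed checksum fails closed. This is an added example, not code from Siemens or ICS-CERT; the function names, the file name and the sample bytes are constructed for illustration, and the published checksum is assumed to have been copied by hand from the vendor's HTTPS page.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

HEX64 = re.compile(r"[0-9a-f]{64}")

def normalize_checksum(published: str) -> str:
    """Clean a checksum pasted from a web page; reject anything that is not SHA-256."""
    cleaned = "".join(published.split()).lower()   # drop spaces/newlines, fold case
    if not HEX64.fullmatch(cleaned):
        raise ValueError("published value is not a 64-digit hex SHA-256 checksum")
    return cleaned

def sha256_of_file(path, chunk_size: int = 1 << 20) -> str:
    """Hash the package in chunks so large installers are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify_package(path, published: str) -> bool:
    """True only when the file's SHA-256 equals the checksum from the vendor page."""
    expected = normalize_checksum(published)       # raises on truncated/garbled input
    return hmac.compare_digest(sha256_of_file(path), expected)

def demo() -> dict:
    """Run the check on constructed sample data (not a real Siemens package)."""
    payload = b"constructed sample installer bytes"
    published = hashlib.sha256(payload).hexdigest()
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        pkg = Path(tmp) / "package-placeholder.bin"
        pkg.write_bytes(payload)
        # Checksum pasted with stray whitespace and upper-case hex still matches.
        results["match"] = verify_package(pkg, "  " + published.upper() + "\n")
        # One extra byte in the download must be detected.
        pkg.write_bytes(payload + b"\x00")
        results["tampered"] = verify_package(pkg, published)
        # A truncated checksum is rejected rather than compared as a prefix.
        try:
            verify_package(pkg, published[:40])
            results["truncated_rejected"] = False
        except ValueError:
            results["truncated_rejected"] = True
    return results

if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the source of the expected value, so take the checksum from the vendor's HTTPS page rather than from wherever the package itself was downloaded.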

Affected Vendors

Siemens

Affected Products (1)

Siemens · LOGO! Soft Comfort < 8.2

Affected Sectors

Commercial Facilities, Transportation Systems
