← Back to home
SIEMENS-SSA-774850  ·  Published 2020-02-10  ·  View on Siemens ProductCERT ↗

SSA-774850 (Last Update: 2020-02-10): Vulnerabilities in SIEMENS LOGO!8 devices

CVSS N/A MEDIUM

Risk Summary

<p>Two vulnerabilities have been identified in SIEMENS LOGO!8 devices. The Session ID on the integrated webserver of LOGO!8 devices is not invalidated upon logout. The second vulnerability could allow an attacker with network access to port 10005/tcp to cause a Denial-of-Service condition by sending specifically crafted packages to the service.</p> <p>Siemens provides a firmware update for the latest version of LOGO!8 devices. For older versions, the device needs to be upgraded (see table below).</p>

Remediations

  • Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Siemens

Affected Products (1)

Siemens · SSA-774850 (Last Update: 2020-02-10): Vulnerabilities in SIEMENS LOGO!8 devices See advisory

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more