As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
1. EXECUTIVE SUMMARY
- CVSS v4 5.1
- ATTENTION: Low attack complexity
- Vendor: Siemens
- Equipment: LOGO! V8.3 BM Devices
- Vulnerability: Plaintext Storage of a Password
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker with physical access to an affected device to extract user-set passwords from an embedded storage IC.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following products of Siemens, are affected:
- Siemens LOGO! 12/24RCE (6ED1052-1MD08-0BA1): All versions
- Siemens LOGO! 12/24RCEo (6ED1052-2MD08-0BA1): All versions
- Siemens LOGO! 24CE (6ED1052-1CC08-0BA1): All versions
- Siemens LOGO! 24CEo (6ED1052-2CC08-0BA1): All versions
- Siemens LOGO! 24RCE (6ED1052-1HB08-0BA1): All versions
- Siemens LOGO! 24RCEo (6ED1052-2HB08-0BA1): All versions
- Siemens LOGO! 230RCE (6ED1052-1FB08-0BA1): All versions
- Siemens LOGO! 230RCEo (6ED1052-2FB08-0BA1): All versions
- Siemens SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1): All versions
- Siemens SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1): All versions
- Siemens SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1): All versions
- Siemens SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1): All versions
- Siemens SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1): All versions
- Siemens SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1): All versions
- Siemens SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1): All versions
- Siemens SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1): All v
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.This article has been indexed from All CISA AdvisoriesRead the original article: