Siemens LOGO! (Update A)
Act Now · 9.4 · ICS-CERT ICSA-20-161-03 · Jun 9, 2020
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Siemens LOGO! 8 BM has a vulnerability that allows remote access to the device without authentication (CWE-306). The device listens on Port 135/TCP, which can be exploited by an attacker with network access to run unauthorized commands or access sensitive data. Starting with Version 8.3, Port 135/TCP can be disabled as a mitigation.
What this means
What could happen
An attacker with network access to the device could bypass authentication and execute commands on the LOGO! controller, potentially altering process logic, modifying setpoints, or disrupting normal operations of connected industrial equipment.
Who's at risk
Water utilities and municipal electric systems using Siemens LOGO! 8 BM programmable logic controllers (PLCs) for process automation, pump control, or other critical functions should assess their exposure. This includes any industrial facility that relies on LOGO! 8 BM for local control logic without network isolation.
How it could be exploited
An attacker on the network sends a request to Port 135/TCP on the LOGO! 8 BM device. Because the device does not properly enforce authentication (CWE-306), the attacker gains direct access to execute commands without valid credentials.
Prerequisites
- Network access to Port 135/TCP on the LOGO! 8 BM device
- Device running firmware version prior to 8.3 (versions 8.3+ allow port 135 to be disabled)
- Port 135 enabled on the device (default configuration)
remotely exploitable · no authentication required · low complexity · no patch available for versions prior to 8.3 · affects programmable logic controllers driving physical operations
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product: LOGO! 8 BM (incl. SIPLUS variants): All versions
Affected Versions: All versions
Fix Status: 8.3 or later
Remediation & Mitigation
Do now
WORKAROUND: If upgrade to version 8.3+ is not immediately possible, disable or block incoming access to Port 135/TCP at the network firewall or switch level to prevent remote connections to the device.
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption.
HOTFIX: Upgrade LOGO! 8 BM firmware to version 8.3 or later and disable Port 135/TCP through the device configuration.
Long-term hardening
HARDENING: Isolate LOGO! 8 BM devices from the business network and Internet. Place them behind a firewall and ensure they are only accessible from your engineering workstations or control network via a secure, restricted network segment.
HARDENING: Review network topology to ensure LOGO! 8 BM devices are not directly reachable from the Internet or untrusted networks.
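To confirm that the workaround and the segmentation above actually hold, the following added example (not code from Siemens or from this advisory) attempts a TCP connection to port 135 on each controller and reports whether it is open, closed or filtered from the segment the script runs in. The device addresses are an assumption: they are passed as command-line arguments from your own asset inventory.

```python
#!/usr/bin/env python3
# Added example (not Siemens or advisory code): check whether 135/TCP on
# LOGO! 8 BM devices answers from the segment this script runs in.
import socket
import sys

LOGO_PORT = 135  # port named in the advisory


def probe(host, port=LOGO_PORT, timeout=2.0):
    """Classify one TCP connect attempt as 'open', 'closed' or 'filtered'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"        # handshake completed: port is exposed here
    except ConnectionRefusedError:
        return "closed"      # RST: port disabled on device or rejected upstream
    except OSError:
        return "filtered"    # timeout or unreachable: dropped by a firewall
    finally:
        s.close()


def audit(hosts, port=LOGO_PORT, timeout=2.0):
    """Return {host: state} for every device in the inventory list."""
    return {h: probe(h, port, timeout) for h in hosts}


def exposed(results):
    """Hosts where the workaround is not effective from this vantage point."""
    return sorted(h for h, state in results.items() if state == "open")


if __name__ == "__main__":
    # Assumption: device addresses are given as arguments, e.g. from an
    # asset inventory; none are taken from the advisory.
    results = audit(sys.argv[1:])
    for host, state in results.items():
        print(f"{host}\t{LOGO_PORT}/tcp\t{state}")
    sys.exit(1 if exposed(results) else 0)
```

Run it from each segment that should not reach the controllers (business network, remote-access jump hosts); an exit code of 1 means at least one device still accepts connections on 135/TCP from there.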
CVEs (1)
API:
/api/v1/advisories/7a2d0ce8-2067-4e2d-b353-8cebde69d37f