Siemens LOGO! Web Server
Act Now9.8ICS-CERT ICSA-20-196-08Jul 14, 2020
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
The LOGO! 8 BM web server contains a buffer overflow vulnerability (CWE-120) in request parsing. An unauthenticated remote attacker can send a crafted HTTP request to trigger the overflow and execute arbitrary code with device administrator privileges. The vulnerability affects firmware versions 1.81.01–1.81.03 and 1.82.01–1.82.02. Siemens has released patched versions: 1.81.04, 1.82.03, and 1.82.04. No public exploits currently exist, but the EPSS score of 17.3% indicates moderate exploit probability.
What this means
What could happen
An attacker with network access to the LOGO! 8 BM device could run arbitrary code through a buffer overflow in the web server, potentially gaining full control of the controller and altering industrial processes or causing equipment shutdown.
Who's at risk
Water utilities, electric utilities, and other municipal operators relying on Siemens LOGO! 8 BM controllers for process automation should assess whether these devices are used in their facilities. The LOGO! 8 BM is commonly used in small to mid-size automation tasks, such as pump control, water level monitoring, and process sequencing. If exposed to network access, the devices are at risk.
How it could be exploited
An attacker sends a specially crafted HTTP request to the web server port on the LOGO! 8 BM controller. The request triggers a buffer overflow in the web server code, allowing the attacker to execute arbitrary commands with the same privileges as the web server process (typically device administrator level).
Prerequisites
- Network connectivity to the LOGO! 8 BM device on the web server port (typically port 80 or 443)
- No authentication required—the vulnerable code is executed during request parsing before credential checks
Remotely exploitableNo authentication requiredLow complexity attackHigh EPSS score (17.3%)Buffer overflow in widely deployed deviceAffects process control devices
Exploitability
High exploit probability (EPSS 17.3%)
Affected products (3)
3 with fix
ProductAffected VersionsFix Status
LOGO! 8 BM (incl.'SIPLUS variants): V1.81.01 - V1.81.03≥ V1.81.01|≤ V1.81.031.81.04
LOGO! 8 BM (incl.'SIPLUS variants): V1.82.01V1.82.011.82.03
LOGO! 8 BM (incl.'SIPLUS variants): V1.82.02V1.82.021.82.04
Remediation & Mitigation
0/6
Do now
0/1WORKAROUNDConfigure firewalls to restrict network access to LOGO! 8 BM web server ports (port 80/443) from the business network and Internet
Schedule — requires maintenance window
0/3Patching may require device reboot — plan for process interruption
HOTFIXUpdate LOGO! 8 BM devices running v1.81.01–1.81.03 to firmware v1.81.04
HOTFIXUpdate LOGO! 8 BM devices running v1.82.01 to firmware v1.82.03
HOTFIXUpdate LOGO! 8 BM devices running v1.82.02 to firmware v1.82.04
Long-term hardening
0/2HARDENINGIsolate LOGO! 8 BM devices on a separate OT network segment, not connected to or accessible from corporate IT systems or the Internet
HARDENINGIf remote access to LOGO! 8 BM is required, use a VPN with encryption and multi-factor authentication, and ensure the VPN is kept current with security patches
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/a0daad06-a0d2-4299-87ad-5f520f378980