Siemens LOGO! 8 BM

Plan PatchCVSS 9.8ICS-CERT ICSA-20-343-10Dec 8, 2020

Siemens

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Multiple weaknesses in LOGO! 8 BM and LOGO! Soft Comfort allow unauthenticated remote attackers to execute arbitrary code on affected devices and software. The vulnerabilities stem from improper cryptographic key management (CWE-321), weak encryption practices (CWE-327), insufficient access controls (CWE-306), and inadequate credential protection (CWE-522). An attacker can send malicious requests to port 10005/TCP to trigger code execution with full device privileges, potentially modifying program logic, disabling safety functions, or permanently corrupting firmware.

What this means

What could happen

An attacker could remotely execute arbitrary code on LOGO! 8 BM controllers or engineering workstations, potentially altering process logic, stopping operations, or corrupting the device firmware without authentication.

Who's at risk

Water authorities and municipal utilities using Siemens LOGO! 8 BM controllers for small industrial automation tasks (pump control, valve sequencing, system monitoring) and engineering staff using LOGO! Soft Comfort software to program and update these controllers.

How it could be exploited

An attacker on the network (or with network access to the device) sends a specially crafted request to port 10005/TCP on the LOGO! 8 BM or Soft Comfort software. The device processes the request without proper validation and executes attacker-supplied code with full privileges. No authentication is required.

Prerequisites

Network access to port 10005/TCP on the affected LOGO! 8 BM device or engineering workstation running LOGO! Soft Comfort
LOGO! 8 BM firmware version prior to v8.3 or LOGO! Soft Comfort version prior to v8.3

remotely exploitableno authentication requiredlow complexityhigh CVSS score (9.8)affects control logiccould stop operations

Exploitability

Unlikely to be exploited — EPSS score 0.4%

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

LOGO! 8 BM (incl.'SIPLUS variants): All<V8.38.3

LOGO! Soft Comfort: All<V8.38.3

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDRestrict network access to port 10005/TCP using firewall rules—only allow connections from authorized engineering workstations

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate LOGO! 8 BM to firmware version 8.3 or later (note: new hardware version may be required)

HOTFIXUpdate LOGO! Soft Comfort to version 8.3 or later

Long-term hardening

0/1

HARDENINGIsolate LOGO! 8 BM controllers and engineering workstations running LOGO! Soft Comfort on a separate control network segment, unreachable from the business network or Internet

CVEs (8)

CVE-2020-25228 CVE-2020-25229 CVE-2020-25230 CVE-2020-25231 CVE-2020-25232 CVE-2020-25233 CVE-2020-25234 CVE-2020-25235

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/a4c75cf2-e9ca-482c-b313-31bfadbd1e4a

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.