OTPulse

Siemens LOGO! 8 BM

Monitor | 5.5 | ICS-CERT ICSA-21-068-05 | Mar 9, 2021
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

A denial-of-service vulnerability in LOGO! 8 BM controllers allows an attacker to crash the device if a user loads a malicious project file. The vulnerability is related to hardware design. All versions of LOGO! 12/24RCE, 12/24RCEo, 230RCE, 230RCEo, 24CE, 24CEo, 24RCE, and 24RCEo, along with SIPLUS variants, are affected. Siemens has fixed this issue in the new LOGO! V8.4 BM and SIPLUS LOGO! V8.4 BM hardware families.

What this means
What could happen
An attacker can crash a LOGO! 8 BM device by tricking a user into loading a malicious project file, causing the controller to stop responding until restarted. This disrupts any automated process controlled by the device.
Who's at risk
Water and electric utilities operating Siemens LOGO! 8 BM smart relays and programmable logic controllers. These compact controllers are commonly used in pump stations, water treatment processes, electrical substation automation, and other small-to-medium industrial automation tasks. Any facility using LOGO! 8 BM variants (12/24RCE, 230RCE, 24CE, 24RCE models, including SIPLUS industrial-rated versions) is affected.
How it could be exploited
An attacker crafts a malicious project file and tricks a user (e.g., via email or USB) into loading it onto an affected LOGO! device using LOGO! Soft Comfort or a compatible engineering tool. The malicious file triggers a hardware-level denial-of-service condition that crashes the device.
Prerequisites
  • User must load the malicious project file onto the device using engineering software (LOGO! Soft Comfort or equivalent)
  • Physical or network access to the device's engineering/configuration interface
  • No patch available (hardware replacement required)
  • User interaction required (social engineering risk)
  • Affects availability / process control
  • Low exploitation complexity
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (16)
16 EOL
Product | Affected Versions | Fix Status
LOGO! 12/24RCE | All versions | No fix (EOL)
LOGO! 230RCE | All versions | No fix (EOL)
LOGO! 230RCEo | All versions | No fix (EOL)
LOGO! 24CE | All versions | No fix (EOL)
LOGO! 24CEo | All versions | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Restrict access to the LOGO! engineering interface and project loading functionality to trusted personnel only; implement access controls on engineering workstations
HARDENING: Apply network segmentation and firewall rules to limit access to LOGO! devices from untrusted networks; ensure devices are not directly accessible from the Internet or untrusted VLANs
HARDENING: Educate users and engineers not to load project files from untrusted sources; implement a process for validating and testing project files before deployment to production devices
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Replace affected LOGO! 8 BM devices with new LOGO! V8.4 BM or SIPLUS LOGO! V8.4 BM hardware versions where the vulnerability is fixed
Mitigations - no patch available
The following products have reached End of Life with no planned fix: LOGO! 12/24RCE, LOGO! 230RCE, LOGO! 230RCEo, LOGO! 24CE, LOGO! 24CEo, LOGO! 24RCE, LOGO! 24RCEo, SIPLUS LOGO! 230RCE, SIPLUS LOGO! 230RCEo, SIPLUS LOGO! 24CE, SIPLUS LOGO! 24CEo, SIPLUS LOGO! 24RCE, SIPLUS LOGO! 24RCEo, LOGO! 12/24RCEo, SIPLUS LOGO! 12/24RCE, SIPLUS LOGO! 12/24RCEo. Apply the following compensating controls:
HARDENING: Follow Siemens operational guidelines for Industrial Security to harden the overall OT environment