OTPulse
FeedAboutContact

Siemens LOGO! Soft Comfort

Plan Patch8.4ICS-CERT ICSA-21-103-09Apr 13, 2021
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

Two vulnerabilities (path traversal and unsafe library loading) in LOGO! Soft Comfort versions prior to 8.4 allow an attacker with local file system access to execute arbitrary code with the privileges of the running software. No public exploits currently exist, and the vulnerabilities are not remotely exploitable. Siemens has released version 8.4 with fixes.

What this means
What could happen
An attacker with local access to an engineering workstation running LOGO! Soft Comfort could gain administrative control of the system, potentially allowing them to modify or delete PLC project files, disrupt programming and configuration of LOGO! controllers, or introduce malicious logic into automation logic.
Who's at risk
Water utilities, electric utilities, and other municipal operators who use Siemens LOGO! controllers for PLC automation and programming with the LOGO! Soft Comfort engineering software on their workstations. This primarily affects small-to-medium automation systems and building automation in utilities.
How it could be exploited
An attacker must first obtain local file system access to the engineering workstation where LOGO! Soft Comfort is installed. They could then exploit path traversal (CWE-22) or unsafe library loading (CWE-427) flaws to execute arbitrary code with the privileges of the user running the software. If the software runs with administrative privileges, the attacker gains full system control.
Prerequisites
  • Local file system access to the engineering workstation
  • LOGO! Soft Comfort version prior to 8.4 installed and running
  • Preferably: software running with administrative privileges (increases impact but not required for exploitation)
Local access required (reduces remote risk but physical/insider threat remains)No authentication required for exploitation once local access obtainedLow complexity attackAffects engineering and configuration systemsSoftware often runs with elevated privileges by default
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
ProductAffected VersionsFix Status
LOGO! Soft Comfort<V8.48.4
Remediation & Mitigation
0/5
Do now
0/3
WORKAROUNDRun LOGO! Soft Comfort with standard user privileges, not administrator privileges
WORKAROUNDRestrict file system access to LOGO! project files to trusted engineering staff only
WORKAROUNDOnly import project files from known-trusted sources and verify their integrity before use
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate LOGO! Soft Comfort to version 8.4 or later
Long-term hardening
0/1
HARDENINGImplement physical and logical access controls to restrict who can access engineering workstations
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/f10b0271-0b15-488e-9fac-578f234da072
Siemens LOGO! Soft Comfort | CVSS 8.4 - OTPulse