Siemens LOGO!

Monitor6.1ICS-CERT ICSA-22-286-01Oct 11, 2022

Attack VectorPhysical

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

LOGO! 8 BM and SIPLUS variants contain a firmware authentication vulnerability (CWE-345) that allows an attacker with physical access to install manipulated firmware packages. This could allow unauthorized changes to the controller's logic or disabling of critical automation functions. The vulnerability is not remotely exploitable and requires direct physical access to the device.

What this means

What could happen

An attacker with physical access to the LOGO! 8 BM device could install malicious firmware, allowing them to alter or disable the logic controller's operation and potentially disrupt the automation process it controls.

Who's at risk

Organizations using Siemens LOGO! 8 BM logic controllers (including SIPLUS hardened variants) in automation and control systems should assess their devices. This affects small to medium-sized PLC deployments in facilities like water treatment plants, HVAC systems, and manufacturing lines that rely on LOGO! 8 for basic automation logic.

How it could be exploited

An attacker must gain physical access to the LOGO! 8 BM device to load a manipulated firmware package onto it. The vulnerability does not require network access or credentials; the attacker exploits a firmware installation mechanism that does not properly verify the authenticity of firmware packages.

Prerequisites

Physical access to the LOGO! 8 BM device
Ability to load firmware packages via the device's installation mechanism
Firmware version earlier than 8.3

Physical access requiredAffects firmware integrityCould allow logic controller compromise

Exploitability

Low exploit probability (EPSS 0.2%)

Affected products (1)

ProductAffected VersionsFix Status

LOGO! 8 BM (incl. SIPLUS variants)<V8.38.3

Remediation & Mitigation

0/3

Do now

0/1

HARDENINGObtain and install firmware upgrades only from official Siemens sources

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate LOGO! 8 BM firmware to version 8.3 or later

Long-term hardening

0/1

HARDENINGRestrict physical access to LOGO! 8 BM devices in the plant

CVEs (1)

CVE-2022-36360

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/75f05604-e871-420a-9aa8-5b86fc74c79b