OTPulse

Siemens LOGO! 8 BM Devices

Act Now | CVSS 9.8 | ICS-CERT ICSA-22-286-13 | Oct 11, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

LOGO! 8 BM devices (including SIPLUS variants) contain multiple web-related vulnerabilities that could allow remote code execution, denial of service, or memory disclosure. The vulnerabilities are related to hardware design. Siemens has released new hardware versions (LOGO! V8.4 BM and SIPLUS LOGO! V8.4 BM) that fix several of these issues. Affected models include 12/24RCE, 12/24RCEo, 230RCE, 230RCEo, 24CE, 24CEo, and 24RCE variants in both standard and SIPLUS lines.

What this means
What could happen
An attacker on the network could execute arbitrary code on your LOGO! controller, potentially altering program logic, modifying process parameters, or stopping operations. The attacker could also crash the device or extract sensitive configuration data from memory.
Who's at risk
Water utilities and municipal electric providers that use Siemens LOGO! 8 BM controllers for automation of water treatment, distribution, wastewater handling, or electrical distribution equipment. Any facility using these controllers in process automation, pump control, or switching logic is at risk if the devices are network-accessible.
How it could be exploited
An attacker with network access to the device could send malformed web requests that exploit buffer overflow or input validation flaws in the web interface to execute code directly on the controller.
Prerequisites
  • Network access to HTTP/HTTPS port on the LOGO! 8 BM device
  • No authentication required to trigger vulnerabilities
  • Remotely exploitable
  • No authentication required
  • No patch available for existing hardware
  • Hardware-based vulnerability
  • High CVSS score (9.8)
Exploitability
Low exploit probability (EPSS 0.8%)
Affected products (16)
16 EOL
Product | Affected Versions | Fix Status
LOGO! 230RCE | All versions | No fix (EOL)
LOGO! 230RCEo | All versions | No fix (EOL)
SIPLUS LOGO! 230RCE | All versions | No fix (EOL)
LOGO! 24CE | All versions | No fix (EOL)
LOGO! 24CEo | All versions | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Implement network access controls to restrict traffic to LOGO! 8 BM devices to only authorized engineering workstations and HMI systems using firewall rules or network segmentation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Replace affected LOGO! 8 BM hardware with new LOGO! V8.4 BM or SIPLUS LOGO! V8.4 BM hardware versions that fix multiple vulnerabilities
HARDENING: Review and disable unnecessary web services or features on LOGO! 8 BM devices if supported by firmware
Mitigations - no patch available
The following products have reached End of Life with no planned fix: LOGO! 230RCE, LOGO! 230RCEo, SIPLUS LOGO! 230RCE, LOGO! 24CE, LOGO! 24CEo, SIPLUS LOGO! 24CE, SIPLUS LOGO! 24CEo, LOGO! 24RCE, LOGO! 24RCEo, SIPLUS LOGO! 24RCE, LOGO! 12/24RCE, LOGO! 12/24RCEo, SIPLUS LOGO! 12/24RCE, SIPLUS LOGO! 12/24RCEo, SIPLUS LOGO! 230RCEo, SIPLUS LOGO! 24RCEo. Apply the following compensating controls:
HARDENING: Segment LOGO! 8 BM devices onto a protected network zone with limited connectivity, following Siemens operational guidelines for Industrial Security