Siemens LOGO! 8 BM Devices
Monitor | CVSS 7.6 | ICS-CERT ICSA-25-317-13 | Nov 11, 2025
Siemens
Attack path
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Siemens LOGO! 8 BM controllers (LOGO! 12/24RCE, LOGO! 230RCE, LOGO! 24CE, LOGO! 24RCE, and SIPLUS variants) contain multiple vulnerabilities that allow remote code execution, denial of service, or unauthorized modification of device behavior. The vulnerabilities exist in all versions of affected models. Siemens has not planned to release patches for these products and instead recommends network protection mechanisms and secure configuration practices.
What this means
What could happen
An attacker with network access to a LOGO! 8 BM device could execute arbitrary commands to alter or stop control logic, cause the device to stop responding (denial of service), or change process behavior. This could disrupt critical automation tasks like pump control, lighting, or climate management depending on what the device controls.
Who's at risk
Water utilities, municipal electric systems, and industrial facilities using Siemens LOGO! 8 BM controllers (including SIPLUS variants) for process automation such as pump control, valve actuation, motor starting, or lighting management should implement network access controls immediately. The vulnerability affects all versions of all LOGO! 8 BM models.
How it could be exploited
An attacker on the same network subnet as a LOGO! 8 BM device (or with routed network access) can send a crafted packet to the device's network interface, exploiting a buffer overflow or missing authentication check to execute code on the device or cause it to become unresponsive.
Prerequisites
- Network access to LOGO! 8 BM device (Layer 2 or routed access to device IP address)
- No authentication required to exploit the vulnerability
Remotely exploitable | No authentication required | Low complexity attack | No patch available | Affects control devices
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (16)
16 EOL
Product | Affected Versions | Fix Status
LOGO! 12/24RCE | All versions | No fix (EOL)
LOGO! 12/24RCEo | All versions | No fix (EOL)
SIPLUS LOGO! 12/24RCE | All versions | No fix (EOL)
SIPLUS LOGO! 12/24RCEo | All versions | No fix (EOL)
LOGO! 230RCE | All versions | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Segment LOGO! 8 BM devices onto a separate network or VLAN that restricts access from untrusted IT systems and external networks.
HARDENING: Configure firewall rules or industrial switch ACLs to block inbound traffic to LOGO! 8 BM devices from any source except engineering workstations and control systems that legitimately communicate with them.
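One way to check that the allowlist above actually holds, as an added example that is not part of the original advisory: it audits flow records for sources reaching a LOGO! 8 BM device that are not approved, and separates same-segment sources (the Layer 2 case in the prerequisites, which a routed firewall never sees) from routed ones. All addresses, the "src dst" record format and the function name are constructed assumptions.

```python
import ipaddress

# All addresses are constructed (RFC 5737 documentation ranges), not from the advisory.
LOGO_DEVICES = {ipaddress.ip_address(a) for a in ("192.0.2.10", "192.0.2.11")}
ALLOWED_SOURCES = {
    ipaddress.ip_address("192.0.2.50"),    # engineering workstation
    ipaddress.ip_address("198.51.100.5"),  # control system that talks to the devices
}
OT_SEGMENT = ipaddress.ip_network("192.0.2.0/24")  # subnet the controllers sit on

# Constructed flow records in a hypothetical "src dst" format, one per line.
SAMPLE_FLOWS = """\
192.0.2.50 192.0.2.10
192.0.2.77 192.0.2.10
203.0.113.9 192.0.2.11
198.51.100.5 192.0.2.11
192.0.2.77 192.0.2.200
not-an-ip 192.0.2.10
"""

def audit_flows(text):
    """Return (line_no, kind, detail) for every flow that violates the allowlist."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        try:
            src, dst = (ipaddress.ip_address(f) for f in fields)
        except ValueError:
            # Wrong field count or unparsable address: report it, never skip silently.
            findings.append((line_no, "malformed", line.strip()))
            continue
        if dst not in LOGO_DEVICES or src in ALLOWED_SOURCES:
            continue
        # A source inside the controllers' own subnet never crosses a routed
        # firewall, so it has to be stopped by a switch ACL or by moving the host.
        kind = "same-segment" if src in OT_SEGMENT else "routed"
        findings.append((line_no, kind, f"{src} -> {dst}"))
    return findings

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(*finding)
```

A "same-segment" finding points at the switch ACL or VLAN assignment; a "routed" finding points at the firewall rule set.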
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption.
HOTFIX: Monitor Siemens security advisories and apply vendor firmware patches as soon as they become available.
Mitigations - no patch available
The following products have reached End of Life with no planned fix: LOGO! 12/24RCE, LOGO! 12/24RCEo, SIPLUS LOGO! 12/24RCE, SIPLUS LOGO! 12/24RCEo, LOGO! 230RCE, LOGO! 230RCEo, SIPLUS LOGO! 230RCE, SIPLUS LOGO! 230RCEo, LOGO! 24CE, LOGO! 24CEo, SIPLUS LOGO! 24CE, SIPLUS LOGO! 24CEo, LOGO! 24RCE, LOGO! 24RCEo, SIPLUS LOGO! 24RCE, SIPLUS LOGO! 24RCEo. Apply the following compensating controls:
HARDENING: Review and implement Siemens' operational guidelines for Industrial Security to establish secure configuration baselines for all LOGO! 8 BM deployments.