Siemens LOGO! 8 BM Devices
Monitor · 7.6 · ICS-CERT ICSA-25-317-13 · Nov 11, 2025
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
LOGO! 8 BM devices (and SIPLUS variants) contain multiple vulnerabilities that allow remote code execution, denial of service, or unauthorized behavior modification. The devices lack proper input validation and authentication controls. All firmware versions are affected. Siemens is preparing fixes but has not yet released them. Until patches are available, network isolation and firewall protection are the primary mitigations.
What this means
What could happen
An attacker with network access to a LOGO! 8 BM device could execute arbitrary code, crash the device causing process interruption, or alter its control logic and outputs. This could disrupt automated processes in building automation, HVAC systems, or other industrial control applications.
Who's at risk
Building automation engineers, facilities managers, and industrial control operators using Siemens LOGO! 8 BM controllers should assess their deployments immediately. These compact PLCs are commonly used in HVAC systems, lighting control, motor control, and small-to-medium automation tasks in commercial and industrial buildings. Both standard LOGO! and SIPLUS (industrial temperature-hardened) variants are affected across all firmware versions.
How it could be exploited
An attacker on the same network segment as the LOGO! 8 BM device could send a specially crafted network request to the device. The device lacks proper input validation (CWE-120) and authentication checks (CWE-306), allowing the attacker to execute arbitrary code directly on the controller or trigger a crash.
Prerequisites
- Network access to the LOGO! 8 BM device (directly reachable or via same network segment)
- No valid credentials required
- No special configuration or device state required
Tags: remotely exploitable, no authentication required, low complexity, no patch available, affects automation and control systems
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (16) · 16 EOL

Product                    Affected Versions   Fix Status
LOGO! 12/24RCE             All versions        No fix (EOL)
LOGO! 12/24RCEo            All versions        No fix (EOL)
SIPLUS LOGO! 12/24RCE      All versions        No fix (EOL)
SIPLUS LOGO! 12/24RCEo     All versions        No fix (EOL)
LOGO! 230RCE               All versions        No fix (EOL)
Remediation & Mitigation
Do now
[HARDENING] Restrict network access to LOGO! 8 BM devices using firewall rules, VLANs, or air-gapping. Only allow connections from authorized engineering workstations and control systems.
[HARDENING] Implement network segmentation to isolate LOGO! 8 BM devices from untrusted networks (e.g., corporate IT, guest WiFi, Internet).
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
[HOTFIX] Monitor Siemens advisories and apply firmware patches as soon as they become available. Siemens is preparing fix versions.
Mitigations - no patch available
The following products have reached End of Life with no planned fix: LOGO! 12/24RCE, LOGO! 12/24RCEo, SIPLUS LOGO! 12/24RCE, SIPLUS LOGO! 12/24RCEo, LOGO! 230RCE, LOGO! 230RCEo, SIPLUS LOGO! 230RCE, SIPLUS LOGO! 230RCEo, LOGO! 24CE, LOGO! 24CEo, SIPLUS LOGO! 24CE, SIPLUS LOGO! 24CEo, LOGO! 24RCE, LOGO! 24RCEo, SIPLUS LOGO! 24RCE, SIPLUS LOGO! 24RCEo. Apply the following compensating controls:
[HARDENING] Follow Siemens operational guidelines for Industrial Security to harden the device environment (consult product manuals and operational documentation).
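As an added example (not from the advisory, from ICS-CERT or from Siemens), the two "Do now" hardening items above expressed as an nftables ruleset for the gateway that sits between the OT VLAN holding the LOGO! 8 BM controllers and the rest of the network: only the listed engineering workstations may reach the controllers' programming and web ports, only the control system server may poll process data, the controllers cannot open connections outward, and everything else (corporate IT, guest WiFi, Internet) is logged and dropped. Every address, the interface name and the service ports are assumptions chosen for the example; the advisory does not name the affected services, so replace them with the addresses of your own workstations and the ports actually enabled on your devices.

```nftables
#!/usr/sbin/nft -f
# Added example, not Siemens' or the advisory's own configuration.
# ASSUMPTIONS (none of these values come from the advisory):
#   - the controllers sit on 10.20.5.0/24 behind gateway interface "ot-logo"
#   - authorized engineering workstations: 10.10.1.10 and 10.10.1.11
#   - the BMS/SCADA server that polls the controllers: 10.10.2.20
#   - controller services: TCP 10005 (LOGO! Soft Comfort), 80/443 (web server),
#     502 (Modbus/TCP) -- check which of these your devices actually enable
flush ruleset

define OT_IF      = "ot-logo"
define OT_NET     = 10.20.5.0/24
define ENG_WS     = { 10.10.1.10, 10.10.1.11 }
define BMS_SERVER = 10.10.2.20
define ENG_PORTS  = { 10005, 80, 443 }
define PROC_PORTS = { 502 }

table inet ot_seg {
    chain forward {
        # Default deny: nothing crosses into or out of the OT segment
        # unless a rule below explicitly allows it.
        type filter hook forward priority filter; policy drop;

        # Stateful filtering: replies to permitted sessions are allowed,
        # packets that belong to no known session are dropped.
        ct state established,related accept
        ct state invalid drop

        # Engineering workstations may program and maintain the controllers.
        iifname != $OT_IF oifname $OT_IF ip saddr $ENG_WS ip daddr $OT_NET tcp dport $ENG_PORTS ct state new counter accept

        # The control system server may poll process data only.
        iifname != $OT_IF oifname $OT_IF ip saddr $BMS_SERVER ip daddr $OT_NET tcp dport $PROC_PORTS ct state new counter accept

        # Controllers never initiate sessions toward other networks; an attempt
        # is worth an alert, so it is logged before being dropped.
        iifname $OT_IF oifname != $OT_IF ct state new log prefix "ot-logo egress denied: " counter drop

        # Any other new connection into the OT segment (corporate IT, guest
        # WiFi, Internet) is logged and dropped.
        oifname $OT_IF ct state new log prefix "ot-logo ingress denied: " counter drop
    }
}
```

Load it with `nft -f` on the gateway and watch the kernel log for the two "denied" prefixes: hits on the ingress rule show which hosts are still trying to reach the controllers and need to be moved to the allowlist or cut off, and any hit on the egress rule from a controller that should never talk outward is a signal to investigate the device. Note that `flush ruleset` replaces every existing table on the host, so merge this into an existing ruleset rather than applying it on a gateway that already carries other policy.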
API: /api/v1/advisories/e19172b8-97ae-4290-8aa5-18bc83c21b90