OTPulse

Multiple Vulnerabilities in LOGO! 8 BM Devices

Monitor | CVSS 7.6 | SSA-267056 | Nov 11, 2025
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

LOGO! 8 BM devices (including SIPLUS variants) contain multiple vulnerabilities that could allow a remote attacker to execute code, cause denial of service, or alter device behavior. The vulnerabilities stem from memory safety issues (CWE-120: buffer overflow) and missing authentication checks (CWE-306). All versions of LOGO! 8 BM are affected. Siemens is preparing fix versions but has not yet released patches. Until fixes are available, Siemens recommends network segmentation and adherence to Industrial Security operational guidelines to protect affected devices.

What this means
What could happen
An attacker with network access to a LOGO! 8 BM device could execute arbitrary code on the controller, cause it to stop responding, or alter its programmed logic—potentially disrupting automation, process control, or safety functions that the device manages.
Who's at risk
Water authorities, electric utilities, and manufacturers using Siemens LOGO! 8 BM devices (standard or SIPLUS variants) for small-scale automation, process control, or safety logic. These devices are commonly used to control pumps, motors, valves, lighting, and alarm systems in critical infrastructure and industrial plants.
How it could be exploited
An attacker on the same network segment as the LOGO! 8 BM device could send crafted network packets to trigger memory corruption (buffer overflow) or authentication bypass vulnerabilities, gaining the ability to run code with device privileges or crash it remotely.
Prerequisites
  • Network access to the LOGO! 8 BM device on the local network segment (Ethernet or adjacent network)
  • No authentication or credentials required
remotely exploitable | no authentication required | low complexity attack | no patch available | affects safety-critical devices
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (16)
16 EOL
Product | Affected Versions | Fix Status
LOGO! 12/24RCEo | All versions | No fix (EOL)
SIPLUS LOGO! 12/24RCE | All versions | No fix (EOL)
SIPLUS LOGO! 12/24RCEo | All versions | No fix (EOL)
SIPLUS LOGO! 24CEo | All versions | No fix (EOL)
LOGO! 12/24RCE | All versions | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Immediately implement network segmentation to restrict access to LOGO! 8 BM devices; only allow connections from authorized engineering workstations and HMI systems using firewall rules or network switches
HARDENING: Disable or restrict remote management protocols (e.g., HTTP, Modbus TCP) on the LOGO! 8 BM if not required for operations
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption

HOTFIX: Monitor Siemens security advisories and apply firmware updates when vendor patches become available
Mitigations - no patch available
The following products have reached End of Life with no planned fix: LOGO! 12/24RCEo, SIPLUS LOGO! 12/24RCE, SIPLUS LOGO! 12/24RCEo, SIPLUS LOGO! 24CEo, LOGO! 12/24RCE, LOGO! 230RCE, LOGO! 230RCEo, SIPLUS LOGO! 230RCE, SIPLUS LOGO! 230RCEo, LOGO! 24CE, LOGO! 24CEo, SIPLUS LOGO! 24CE, LOGO! 24RCE, LOGO! 24RCEo, SIPLUS LOGO! 24RCE, SIPLUS LOGO! 24RCEo. Apply the following compensating controls:
HARDENING: Review and follow Siemens operational guidelines for Industrial Security to harden the IT environment hosting LOGO! 8 BM devices
HARDENING: Document which LOGO! 8 BM devices are in use and their network location; establish an inventory to track patch status once fixes are released
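
One way to verify the segmentation workaround against the device inventory, as an added example that is not part of the Siemens advisory or of OTPulse: it reads firewall flow records and reports every allowed connection to an inventoried LOGO! 8 BM device from a host that is not an authorized engineering workstation or HMI. All addresses, the inventory, the allowlist, the record format and the port numbers (standard defaults for HTTP and Modbus TCP) are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory: LOGO! 8 BM devices and their network location (example values).
INVENTORY = {
    "10.20.30.11": "LOGO! 12/24RCE, pump station A",
    "10.20.30.12": "SIPLUS LOGO! 24CEo, valve cabinet 3",
}
# Assumed allowlist: the only hosts permitted to reach the devices.
AUTHORIZED = {"10.20.30.5": "engineering workstation", "10.20.30.6": "HMI"}
# Protocols the advisory names for restriction; ports are the usual defaults (assumption).
SERVICE_PORTS = {80: "HTTP", 502: "Modbus TCP"}

# Constructed flow records in a hypothetical format: src_ip,dst_ip,dst_port,action
SAMPLE_FLOWS = """\
10.20.30.5,10.20.30.11,502,ALLOW
10.20.30.77,10.20.30.11,80,ALLOW
10.20.99.4,10.20.30.12,502,DENY
10.20.30.6,10.20.30.12,80,ALLOW
192.168.1.9,10.20.30.12,8080,ALLOW
not,a,valid,line
10.20.30.5,10.20.30.200,502,ALLOW
"""

def audit_flows(text, inventory=INVENTORY, authorized=AUTHORIZED):
    """Return {device_ip: [(line, src, port, service), ...]} for allowed
    flows that reach an inventoried device from an unauthorized source."""
    findings = defaultdict(list)
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = [p.strip() for p in line.split(",")]
        try:
            src = str(ipaddress.ip_address(parts[0]))
            dst = str(ipaddress.ip_address(parts[1]))
            port, action = int(parts[2]), parts[3].upper()
        except (ValueError, IndexError):
            continue  # skip malformed records rather than abort the audit
        if dst not in inventory or src in authorized or action != "ALLOW":
            continue  # not a tracked device, an authorized peer, or already blocked
        # A same-segment source matters as much as a routed one: the attack vector is adjacent.
        findings[dst].append((lineno, src, port, SERVICE_PORTS.get(port, "other")))
    return dict(findings)

if __name__ == "__main__":
    for device, hits in audit_flows(SAMPLE_FLOWS).items():
        for lineno, src, port, service in hits:
            print(f"{device} ({INVENTORY[device]}): line {lineno}, {src} -> port {port} ({service})")
```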
Multiple Vulnerabilities in LOGO! 8 BM Devices | CVSS 7.6 - OTPulse