Denial-of-Service Vulnerability in LOGO! 8 BM
Monitor · 5.5 · SSA-783481 · Mar 9, 2021
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
A denial-of-service vulnerability in LOGO! 8 BM controllers allows an attacker to crash the device by tricking a user into loading a malicious project file. The vulnerability is rooted in the hardware design. Siemens has released new hardware versions (LOGO! V8.4 BM and SIPLUS LOGO! V8.4 BM) that fix the issue. No firmware updates are available for existing hardware versions.
What this means
What could happen
An attacker could crash a LOGO! 8 BM controller by tricking a user into loading a malicious project file, causing temporary loss of automation control until the device is manually restarted.
Who's at risk
This affects all users running LOGO! 8 BM controllers (12/24RCE, 230RCE, 24CE, 24RCE models and their SIPLUS variants) across all versions. Any organization using these devices for automation in water treatment, electrical distribution, building controls, or other industrial processes should assess their exposure.
How it could be exploited
An attacker crafts a malicious project file and tricks a user (typically an engineer or technician) into loading it onto the controller via the LOGO! programming interface. When the file is processed, it triggers a hardware-level fault that crashes the device.
Prerequisites
- User interaction required: an authorized person must load the project file onto the device
- Physical or remote access to the engineering workstation or project upload interface
No patch available for existing hardware · Requires user interaction (social engineering) · Low exploit complexity · Affects availability of control systems
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (16)
16 EOL
| Product | Affected Versions | Fix Status |
|---|---|---|
| LOGO! 12/24RCE | All versions | No fix (EOL) |
| LOGO! 230RCE | All versions | No fix (EOL) |
| LOGO! 230RCEo | All versions | No fix (EOL) |
| SIPLUS LOGO! 230RCE | All versions | No fix (EOL) |
| SIPLUS LOGO! 230RCEo | All versions | No fix (EOL) |
Remediation & Mitigation
Do now
- WORKAROUND: Train operators and engineers to only load project files from trusted sources
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: For critical applications, upgrade to LOGO! V8.4 BM or SIPLUS LOGO! V8.4 BM hardware versions
Mitigations - no patch available
The following products have reached End of Life with no planned fix: LOGO! 12/24RCE, LOGO! 230RCE, LOGO! 230RCEo, SIPLUS LOGO! 230RCE, SIPLUS LOGO! 230RCEo, LOGO! 24CE, LOGO! 24CEo, SIPLUS LOGO! 24CE, LOGO! 24RCE, LOGO! 24RCEo, SIPLUS LOGO! 24RCE, SIPLUS LOGO! 24RCEo, LOGO! 12/24RCEo, SIPLUS LOGO! 12/24RCE, SIPLUS LOGO! 12/24RCEo, SIPLUS LOGO! 24CEo. Apply the following compensating controls:
- HARDENING: Restrict physical and network access to LOGO! controllers and engineering workstations to authorized personnel only
- HARDENING: Implement network segmentation so LOGO! controllers are isolated from untrusted networks
CVEs (1)