OTPulse

Electromagnetic Fault Injection in LOGO! V8.3 BM Devices Results in Broken LOGO! V8.3 Product CA

CVSS: 7.6 · Siemens advisory: SSA-844582 · Published: Dec 12, 2023
Attack Vector: Physical
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

LOGO! V8.3 BM devices (including SIPLUS variants) contain a vulnerability that allows electromagnetic fault injection attacks. An attacker with physical access and fault injection equipment could dump the device firmware, read memory contents, and potentially extract or manipulate the LOGO! Product CA certificate authority private key. This would allow injection of malicious code that the device trusts and executes. The vulnerability is inherent to the V8.3 BM hardware architecture. Siemens has fixed the issue in LOGO! V8.4 BM and SIPLUS LOGO! V8.4 BM product families with new hardware versions and rotated Product CA keys.

What this means
What could happen
An attacker with physical access to LOGO! V8.3 BM devices could use electromagnetic fault injection to dump the firmware and manipulate device memory, potentially extracting certificate authority private keys or injecting malicious code that the device will trust.
Who's at risk
Water and electric utility operators running LOGO! V8.3 BM programmable logic controllers (all variants including SIPLUS ruggedized versions) should prioritize mitigation. These devices are commonly used for process automation, motor control, and facility management in treatment plants and substations.
How it could be exploited
An attacker must have physical access to the device and specialized equipment to perform electromagnetic fault injection attacks. Once the attack succeeds, the attacker can read firmware and memory contents, and potentially inject code signed with the LOGO! Product CA certificate, which the device will execute as trusted.
Prerequisites
  • Physical access to LOGO! V8.3 BM device
  • Electromagnetic fault injection equipment
  • Knowledge of device hardware architecture
  • No patch available for V8.3
  • Affects control device firmware integrity
  • Requires physical access but uses specialized equipment
  • Could allow code injection trusted by device
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (16)
16 with fix
Product               Affected Versions   Fix Status
LOGO! 230RCE          ≥ V8.3              V8.4 BM (hardware upgrade)
LOGO! 230RCEo         ≥ V8.3              V8.4 BM (hardware upgrade)
SIPLUS LOGO! 230RCE   ≥ V8.3              V8.4 BM (hardware upgrade)
LOGO! 24CE            ≥ V8.3              V8.4 BM (hardware upgrade)
LOGO! 24CEo           ≥ V8.3              V8.4 BM (hardware upgrade)
Remediation & Mitigation
Do now
  • HARDENING: Implement physical security controls to restrict access to LOGO! devices in control cabinets and equipment rooms
  • HARDENING: Implement network access restrictions to LOGO! devices using firewalls and access control lists
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Upgrade to LOGO! V8.4 BM or SIPLUS LOGO! V8.4 BM hardware versions
Long-term hardening
  • HARDENING: Follow Siemens operational guidelines for Industrial Security for network segmentation and access controls