OTPulse
FeedAboutContact

Firmware Authenticity Vulnerability in LOGO! 8 BM Devices

Monitor6.1SSA-928782Oct 11, 2022
Attack VectorPhysical
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

LOGO! 8 BM devices (including SIPLUS variants) contain a firmware authenticity vulnerability that allows installation of manipulated firmware packages. The vulnerability affects all versions before 8.3. An attacker with physical access to the device could load unauthorized firmware that alters or disables the controller's logic without detection. Siemens has released a firmware update to address this issue, though updating may require new hardware depending on the current device version.

What this means
What could happen
An attacker with physical access to the device could install malicious firmware that persists across reboots, allowing them to alter the logic controller's programmed behavior and disrupt or take over the automation process.
Who's at risk
Water treatment plants, electric utilities, and other municipal/industrial facilities using Siemens LOGO! 8 BM logic controllers for process automation and critical control sequences. SIPLUS variants used in harsh industrial environments are also affected.
How it could be exploited
An attacker would need to physically connect to the LOGO! 8 BM device and load a manipulated firmware package using the device's firmware upload mechanism. Once installed, the malicious firmware would run with the same privileges as legitimate firmware.
Prerequisites
  • Physical access to the LOGO! 8 BM device
  • Firmware upload/programming capability (typically via USB or device programming port)
  • No authentication or special credentials required once physical access is obtained
Requires physical access (low remote risk)No authentication required for firmware uploadLow exploit complexityCould affect safety-critical logic if embedded in safety functionsFirmware patch requires new hardware in some cases
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
ProductAffected VersionsFix Status
LOGO! 8 BM (incl. SIPLUS variants)< V8.38.3
Remediation & Mitigation
0/2
Do now
0/1
HARDENINGPhysically secure LOGO! 8 BM devices to prevent unauthorized firmware access, restricting physical access to equipment rooms or control cabinets
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate LOGO! 8 BM devices to firmware version 8.3 or later
View full Siemens ProductCERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/d8f1ffdc-4101-49a6-9f75-112a456208ee