Siemens LOGO! programmable logic controllers (PLCs) are affected by critical vulnerabilities that can be exploited remotely to launch denial-of-service (DoS) attacks and modify device configuration.
According to Siemens, the bugs affect all versions of its LOGO! 8 BM devices, which are designed to perform basic control tasks. Also affected are SIPLUS models, which are intended for use in extreme conditions.
The German industrial giant has yet to release patches for the vulnerabilities, which have been described as missing authentication issues, but it has told customers that applying defense-in-depth measures may reduce the risk of exploitation.
Siemens says an unauthenticated attacker with network access to TCP port 135 may take advantage of the vulnerabilities to read and change the configuration of a system and obtain project files without user interaction.
While the advisories published by Siemens and CISA this week mention a single vulnerability, Cisco’s Talos Threat Intelligence and Research Group, which the vendor has credited for the findings, says there are in fact three missing authentication flaws tracked under the same CVE identifier, CVE-2020-7589.
All three vulnerabilities are linked to the TDE text display features of LOGO! products, according to advisories published by Talos, and all of them can be abused by sending specially crafted packets over the network. Talos released technical information about how these payloads look.
The firm says two of the flaws allow an attacker to delete device information, causing a denial-of-service (DoS) condition. The third bug can be exploited to transfer files to, or erase files on, the SD card, which, according to Talos, can affect the integrity and availability of the system.
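Because exploitation requires network access to TCP port 135 and no patch is available, one defense-in-depth check is to audit firewall flow records for connections to PLC addresses on that port from hosts outside an approved list. The following is an added example, not code from Siemens, CISA or Talos; the log format, addresses, allowlist and function name are constructed assumptions.

```python
import ipaddress

PLC_PORT = 135  # TCP port named in the Siemens advisory as quoted above

# Constructed sample flow records: time,src,dst,dport,proto,action
SAMPLE_FLOWS = """\
2020-06-10T08:01:12Z,10.20.0.15,10.50.1.10,135,tcp,allow
2020-06-10T08:02:40Z,10.30.7.99,10.50.1.10,135,tcp,allow
2020-06-10T08:03:05Z,10.30.7.99,10.50.1.11,135,tcp,deny
2020-06-10T08:03:30Z,10.30.7.99,10.50.1.10,443,tcp,allow
2020-06-10T08:04:00Z,10.30.7.99,10.60.0.5,135,tcp,allow
this line is malformed
2020-06-10T08:05:00Z,10.30.8.1,10.50.1.12,135,udp,allow
""".splitlines()

def audit_flows(lines, plc_nets, allowed_sources):
    """Return (reached, blocked): TCP/135 flows to PLC addresses from
    sources outside the allowlist, split by firewall action."""
    plcs = [ipaddress.ip_network(n) for n in plc_nets]
    allowed = [ipaddress.ip_network(n) for n in allowed_sources]
    reached, blocked = [], []
    for line in lines:
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 6:
            continue  # skip malformed records instead of failing the audit
        ts, src, dst, dport, proto, action = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue  # unparsable address or port
        if proto.lower() != "tcp" or port != PLC_PORT:
            continue
        if not any(dst_ip in n for n in plcs):
            continue  # destination is not a PLC address
        if any(src_ip in n for n in allowed):
            continue  # approved engineering host
        (reached if action.lower() == "allow" else blocked).append((ts, src, dst))
    return reached, blocked

if __name__ == "__main__":
    reached, blocked = audit_flows(SAMPLE_FLOWS, ["10.50.1.0/24"], ["10.20.0.15/32"])
    for ts, src, dst in reached:
        print(f"EXPOSED  {ts} {src} -> {dst}:{PLC_PORT} (not an approved source)")
    for ts, src, dst in blocked:
        print(f"BLOCKED  {ts} {src} -> {dst}:{PLC_PORT}")
```

Flows in the first list show a firewall rule that still lets unapproved hosts reach the port; flows in the second list were stopped but are worth reviewing as unexpected traffic.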