Full Report
A Denial-of-Service vulnerability has been identified in LOGO! 8 BM. This vulnerability could allow an attacker to crash a device, if a user is tricked into loading a malicious project file onto an affected device. The vulnerability is related to the hardware of the product. Siemens has released new hardware versions with the LOGO! V8.4 BM and the SIPLUS LOGO! V8.4 BM product families for all affected devices in which this vulnerability is fixed. See the chapter “Additional Information” below for more details. For more information please also refer to the related product support article: https://support.industry.siemens.com/cs/ww/en/view/109826554/.
Analysis Summary
# Vulnerability: Denial-of-Service in LOGO! 8 BM via Malicious Project File
## CVE Details
- CVE ID: CVE-2020-25236
- CVSS Score: 5.5 (Medium)
- CWE: Not specified in the summary, but related to hardware interaction/project file processing.
## Affected Systems
- Products:
  - LOGO! V8.3 BM series (including specific models: LOGO! 12/24RCE, 12/24RCEo, 230RCE, 230RCEo, 24CE, 24CEo, 24RCE, 24RCEo)
  - SIPLUS LOGO! V8.3 BM series (including specific models: SIPLUS LOGO! 12/24RCE, 12/24RCEo, etc.)
- Versions: All versions of the listed LOGO! V8.3 BM models and their SIPLUS counterparts are affected.
- Configurations: Requires a user to be tricked into loading a malicious project file onto the affected device. The vulnerability is related to the product's hardware.
## Vulnerability Description
A Denial-of-Service (DoS) vulnerability exists in LOGO! 8 BM devices. An attacker can crash the device if a user is tricked into loading a specially crafted, malicious project file onto the affected hardware module.
## Exploitation
- Status: Not explicitly stated as exploited in the wild, but the mechanism relies on social engineering ("tricked into loading a malicious project file").
- Complexity: Implied to be low to medium, as it requires user interaction (loading the file).
- Attack Vector: Indirect application/file loading (user interaction required). Impact is local to the device once the file is loaded.
## Impact
- Confidentiality: No impact mentioned.
- Integrity: No impact mentioned (the primary impact is on availability).
- Availability: High potential for Denial-of-Service (device crash).
## Remediation
### Patches
The vulnerability is fixed in newer hardware versions:
- **LOGO! V8.4 BM** product family (e.g., LOGO! 12/24RCE (6ED1052-1MD08-0BA2))
- **SIPLUS LOGO! V8.4 BM** product family (e.g., SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2))
*Note: For LOGO! V8.3 BM and specific listed models, Siemens currently states "no fix is planned." The mitigation strategy relies on hardware replacement.*
### Workarounds
For affected V8.3 devices where no software fix is planned, follow the recommendations detailed in the referenced support article (https://support.industry.siemens.com/cs/ww/en/view/109826554/). These generally involve mitigating the risk of loading unauthorized project files (see Detection).
## Detection
- **Indicators of Compromise:** Device crashes or unexpected reboots occurring after loading a new or modified project file.
- **Detection Methods and Tools:** Difficult to detect before exploitation, except by monitoring physical access or the network connections used for project file transfer. Mitigation focuses on access control.
## References
- Vendor Advisory: SSA-783481
- Product Support Article: https://support.industry.siemens.com/cs/ww/en/view/109826554/
- Siemens CERT Advisories: https://www.siemens.com/cert/advisories