Alexander Perez-Palma of Cisco Talos and Emanuel Almeida of Cisco Systems discovered these vulnerabilities. Blog by Jon Munshaw.
Cisco researchers recently discovered several vulnerabilities in the Siemens LOGO! PLC. The LOGO! allows users to control various automation projects, such as industrial control systems and
other commercial and home settings. The product contains several vulnerabilities that an adversary could use to carry out a variety of malicious activities.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Siemens to ensure that these issues are resolved and that an update is available for affected customers.
Vulnerability details
Siemens LOGO! TDE service "NFSAccess" delete denial-of-service vulnerability (TALOS-2020-1024/CVE-2020-7589)
An exploitable denial-of-service vulnerability exists in the TDE service functionality of Siemens LOGO! 1.82.02, 12/24RCE Version 0BA and 230RCE Version 0BA. A specially crafted network request can cause be used to delete critical system data resulting in a denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability.
Read the complete vulnerability advisory here for additional information.
Siemens LOGO! TDE service "DELETEPROG" denial-of-service vulnerability (TALOS-2020-1025/CVE-2020-7589)
An exploitable denial-of-service vulnerability exists in the TDE service functionality of Siemens LOGO! 1.82.02, 12/24RCE Version 0BA and 230RCE Version 0BA. A specially crafted network request can cause erased information resulting in ..
Support the originator by clicking the read the rest link below.
