Detections
Analytics
Siemens LOGO! Web Server Buffer Copy Without Checking Size of Input (CVE-2020-7593)
critical Tenable OT Security Plugin ID 501665
Synopsis
The remote OT asset is affected by a vulnerability.Description
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (V1.81.01 - V1.81.03), LOGO! 8 BM (incl. SIPLUS variants) (V1.82.01), LOGO! 8 BM (incl. SIPLUS variants) (V1.82.02). A buffer overflow vulnerability exists in the Web Server functionality of the device. A remote unauthenticated attacker could send a specially crafted HTTP request to cause a memory corruption, potentially resulting in remote code execution.This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.Siemens recommends affected users update to the following versions:
LOGO! 8 BM (incl.SIPLUS varriants):
- Versions between 1.81.01 and 1.81.03: Update to v1.81.04
- Version 1.82.01: Update to v1.82.03
- Version 1.82.02: Update to v1.82.04
Siemens recommends applying defense-in-depth concepts, including the protection concept outlined in the system manual.
Siemens recommends following their general security recommendations. As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to the Siemens operational guidelines for Industrial Security and following the recommendations in the product manuals.
For additional information, please refer to Siemens Security Advisory SSA-573753.
See Also
https://cert-portal.siemens.com/productcert/pdf/ssa-573753.pdf
http://www.nessus.org/u?604f9512
https://www.cisa.gov/news-events/ics-advisories/icsa-20-196-08
Plugin Details
Severity: Critical
ID: 501665
Version: 1.5
Type: remote
Family: Tenable.ot
Published: 9/21/2023
Updated: 4/11/2024
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.9
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2020-7593
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:siemens:logo%21_8_bm_firmware, cpe:/o:siemens:logo%21_8_bm_firmware:1.82.01, cpe:/o:siemens:logo%21_8_bm_firmware:1.82.02
Required KB Items: Tenable.ot/Siemens
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 7/14/2020
Vulnerability Publication Date: 7/14/2020
Reference Information
CVE: CVE-2020-7593
CWE: 120