Siemens LOGO! (CVE-2017-12735)

high Tenable OT Security Plugin ID 501675


The remote OT asset is affected by a vulnerability.


A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). An attacker who performs a Man-in-the-Middle attack between the LOGO! BM and other devices could potentially decrypt and modify network traffic.

This plugin only works with Tenable.ot.
Please visit for more information.


The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at

Siemens provides LOGO!8 BM FS-05 with firmware Version 1.81.2, which fixes the first Insufficiently Protected Credentials vulnerability.

Siemens recommends users update to v8.3 to mitigate the Man-in-the-Middle vulnerability.

NOTE: To update, a new hardware version is required.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- Configure the environment according to the recommendations in the Siemens user manual.
- Apply cell protection concept.
- Use VPN for protecting network communication between cells.
- Apply defense-in-depth.

As a general security measure, Siemens strongly recommends protecting network access to the devices with appropriate mechanisms. Siemens advises configuring the environment according to Siemens operational guidelines to run the devices in a protected IT environment.

For more information on these vulnerabilities and more detailed mitigation instructions, please see Siemens Security Advisory SSA-087240.

Plugin Details

Severity: High

ID: 501675

Version: 1.3

Type: remote

Family: Tenable.ot

Published: 9/21/2023

Updated: 11/6/2023

Risk Information


Risk Factor: Medium

Score: 5.2


CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2017-12735


CVSS v3

Risk Factor: High

Base Score: 7.4

Temporal Score: 6.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:logo%21_8_bm_firmware

Required KB Items: Tenable.ot/Siemens

Exploit Ease: No known exploits are available

Patch Publication Date: 8/30/2017

Vulnerability Publication Date: 8/30/2017

Reference Information

CVE: CVE-2017-12735

CWE: 300