Siemens points to a recommendation in its product manual to handle missing authentication for critical function, improper handling of extra values, and plaintext storage of a password vulnerabilities in its LOGO!8 BM, according to a report with NCCIC.
Successful exploitation of these vulnerabilities could allow device reconfiguration, access to project files, decryption of files, and access to passwords. Manuel Stotz and Matthias Deeg from SySS GmbH reported these vulnerabilities to Siemens.
All versions of the Siemens LOGO!8 BM, a programmable logic controller, suffer from the remotely exploitable vulnerabilities.
In one vulnerability, attackers with access to Port 10005/TCP could perform device reconfigurations and obtain project files from the devices.
CVE-2019-10919 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.4.
In addition, project data stored on the device, which is accessible via Port 10005/TCP, can be decrypted due to a hardcoded encryption key.
CVE-2019-10920 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.
Also, unencrypted storage of passwords in the project could allow an attacker with access to Port 10005/TCP to obtain passwords of the device.
CVE-2019-10921 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.
The product sees action in the commercial facilities and transportation systems sectors. It also sees use on a global basis.
No known public exploits specifically target these vulnerabilities. However, an attacker with low skill level could leverage the vulnerabilities.
The LOGO!8 BM manual recommends protecting access to Port 10005/TCP.
As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following the recommendations in the product manuals.
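One way to check that access to Port 10005/TCP is actually restricted is to review firewall or flow records for connections to the controllers from hosts outside the engineering network. The following is an added example, not code from Siemens or the advisory; the record format, the allowlisted subnet, the device addresses and the sample records are all constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import Counter

LOGO_PORT = 10005  # TCP port named in the advisory

# Assumption: only this engineering subnet may talk to the controllers.
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.30.0/28")]
# Assumption: addresses of the LOGO!8 BM devices in the plant inventory.
LOGO_DEVICES = {ipaddress.ip_address("10.20.40.11"), ipaddress.ip_address("10.20.40.12")}

# Constructed sample flow records (not real traffic): time,src,dst,proto,dport,action
SAMPLE_FLOWS = """\
2019-06-01T08:00:01Z,10.20.30.5,10.20.40.11,tcp,10005,allow
2019-06-01T08:02:13Z,10.20.50.77,10.20.40.11,tcp,10005,allow
2019-06-01T08:02:14Z,10.20.50.77,10.20.40.12,tcp,10005,deny
2019-06-01T08:05:40Z,10.20.50.77,10.20.40.11,tcp,443,allow
2019-06-01T08:07:02Z,192.0.2.9,10.20.40.12,udp,10005,allow
not,a,valid,row
"""

def find_violations(flow_csv):
    """Return flows to a LOGO! device on 10005/TCP from a non-allowlisted source."""
    violations = []
    for row in csv.reader(io.StringIO(flow_csv)):
        if len(row) != 6:
            continue  # skip malformed lines
        ts, src, dst, proto, dport, action = (f.strip() for f in row)
        try:
            src_ip, dst_ip, port = ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport)
        except ValueError:
            continue  # skip rows with unparsable addresses or ports
        if proto.lower() != "tcp" or port != LOGO_PORT or dst_ip not in LOGO_DEVICES:
            continue
        if any(src_ip in net for net in ALLOWED_SOURCES):
            continue
        violations.append({"time": ts, "src": src, "dst": dst, "action": action.lower()})
    return violations

def summarize(violations):
    """Count violations per source; 'allow' means the filter let the flow through."""
    reached = Counter(v["src"] for v in violations if v["action"] == "allow")
    blocked = Counter(v["src"] for v in violations if v["action"] == "deny")
    return {"reached": dict(reached), "blocked": dict(blocked)}

if __name__ == "__main__":
    print(summarize(find_violations(SAMPLE_FLOWS)))
```

Any source listed under "reached" indicates a gap in the network protection the manual recommends, since the flow to Port 10005/TCP was permitted.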
For more information on these vulnerabilities and more detailed mitigation instructions, see Siemens Security Advisory SSA-542701.