ID

VAR-202006-1522


CVE

CVE-2020-7589


TITLE

LOGO!8 BM Vulnerability regarding lack of authentication for critical features in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006493

DESCRIPTION

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). The vulnerability could lead to an attacker reading and modifying the device configuration and obtaining project files from affected devices. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 135/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known. LOGO!8 BM (incl. SIPLUS variants) lacks authentication for critical features. Information may be obtained and tampered with. Siemens LOGO! 8 BM is a programmable logic controller made by Siemens of Germany. There is an access control error vulnerability in Siemens LOGO! 8 BM (all versions), which stems from the lack of ID verification in the program.

Trust: 2.16

sources: NVD: CVE-2020-7589 // JVNDB: JVNDB-2020-006493 // CNVD: CNVD-2020-43685

IOT TAXONOMY

category: ['ICS', 'Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-43685

AFFECTED PRODUCTS

vendor: siemens model: logo! 8 bm scope: eq version: *

Trust: 1.0

vendor: siemens model: logo! 8 bm scope: - version: -

Trust: 0.8

vendor: siemens model: logo!8 bm scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-43685 // JVNDB: JVNDB-2020-006493 // NVD: CVE-2020-7589

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-7589
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-006493
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-43685
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202006-824
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-7589
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006493
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-43685
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-7589
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006493
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-43685 // JVNDB: JVNDB-2020-006493 // CNNVD: CNNVD-202006-824 // NVD: CVE-2020-7589

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.8

sources: JVNDB: JVNDB-2020-006493 // NVD: CVE-2020-7589

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-824

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202006-824

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006493

PATCH

title: SSA-817401 url: https://cert-portal.siemens.com/productcert/pdf/ssa-817401.pdf

Trust: 0.8

title: Patch for Siemens LOGO! 8 BM access control error vulnerability (CNVD-2020-43685) url: https://www.cnvd.org.cn/patchInfo/show/228125

Trust: 0.6

sources: CNVD: CNVD-2020-43685 // JVNDB: JVNDB-2020-006493

EXTERNAL IDS

db: NVD id: CVE-2020-7589

Trust: 3.0

db: ICS CERT id: ICSA-20-161-03

Trust: 2.4

db: SIEMENS id: SSA-817401

Trust: 2.2

db: JVN id: JVNVU97501786

Trust: 0.8

db: JVNDB id: JVNDB-2020-006493

Trust: 0.8

db: CNVD id: CNVD-2020-43685

Trust: 0.6

db: TALOS id: TALOS-2020-1026

Trust: 0.6

db: NSFOCUS id: 47158

Trust: 0.6

db: AUSCERT id: ESB-2020.2014

Trust: 0.6

db: CNNVD id: CNNVD-202006-824

Trust: 0.6

sources: CNVD: CNVD-2020-43685 // JVNDB: JVNDB-2020-006493 // CNNVD: CNNVD-202006-824 // NVD: CVE-2020-7589

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-817401.pdf

Trust: 2.2

url:https://www.us-cert.gov/ics/advisories/icsa-20-161-03

Trust: 2.2

url:https://us-cert.cisa.gov/ics/advisories/icsa-20-161-03

Trust: 1.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-7589

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7589

Trust: 0.8

url:https://jvn.jp/vu/jvnvu97501786/

Trust: 0.8

url:http://www.nsfocus.net/vulndb/47158

Trust: 0.6

url:https://talosintelligence.com/vulnerability_reports/talos-2020-1026

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2014/

Trust: 0.6

sources: CNVD: CNVD-2020-43685 // JVNDB: JVNDB-2020-006493 // CNNVD: CNNVD-202006-824 // NVD: CVE-2020-7589

SOURCES

db: CNVD id: CNVD-2020-43685
db: JVNDB id: JVNDB-2020-006493
db: CNNVD id: CNNVD-202006-824
db: NVD id: CVE-2020-7589

LAST UPDATE DATE

2024-11-23T20:31:19.256000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2020-43685 date: 2020-08-01T00:00:00
db: JVNDB id: JVNDB-2020-006493 date: 2020-07-09T00:00:00
db: CNNVD id: CNNVD-202006-824 date: 2020-12-15T00:00:00
db: NVD id: CVE-2020-7589 date: 2024-11-21T05:37:25.783

SOURCES RELEASE DATE

db: CNVD id: CNVD-2020-43685 date: 2020-08-01T00:00:00
db: JVNDB id: JVNDB-2020-006493 date: 2020-07-09T00:00:00
db: CNNVD id: CNNVD-202006-824 date: 2020-06-09T00:00:00
db: NVD id: CVE-2020-7589 date: 2020-06-10T17:15:12.583