ID

VAR-202012-0517


CVE

CVE-2020-25228


TITLE

Vulnerability regarding lack of authentication for critical features in LOGO! 8 BM

Trust: 0.8

sources: JVNDB: JVNDB-2020-014380

DESCRIPTION

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). A service available on port 10005/tcp of the affected devices could allow complete access to all services without authorization. An attacker could gain full control over an affected device if he has access to this service. The system manual recommends protecting access to this port. LOGO! 8 BM (including SIPLUS variants) contains a vulnerability involving a lack of authentication for critical features. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. SIEMENS LOGO! 8 BM is programming software for the Windows platform in industrial environments from Siemens in Germany.

Trust: 2.16

sources: NVD: CVE-2020-25228 // JVNDB: JVNDB-2020-014380 // CNVD: CNVD-2020-70939

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-70939

AFFECTED PRODUCTS

vendor: siemens, model: logo! 8 bm, scope: lt, version: 8.3

Trust: 1.0

vendor: Siemens, model: logo! 8 bm, scope: eq, version: -

Trust: 0.8

vendor: Siemens, model: logo! 8 bm, scope: eq, version: logo! 8 bm firmware 8.3

Trust: 0.8

vendor: siemens, model: logo! bm, scope: eq, version: 8<v8.3

Trust: 0.6

vendor: siemens, model: logo! soft comfort, scope: lt, version: v8.3

Trust: 0.6

sources: CNVD: CNVD-2020-70939 // JVNDB: JVNDB-2020-014380 // NVD: CVE-2020-25228

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-25228
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-25228
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-70939
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202012-695
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-25228
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-70939
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-25228
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-25228
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-70939 // JVNDB: JVNDB-2020-014380 // CNNVD: CNNVD-202012-695 // NVD: CVE-2020-25228

PROBLEMTYPE DATA

problemtype: CWE-306

Trust: 1.0

problemtype: Lack of authentication for important features (CWE-306) [Other]

Trust: 0.8

sources: JVNDB: JVNDB-2020-014380 // NVD: CVE-2020-25228

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-695

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202012-695

PATCH

title: SSA-480824, url: https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf

Trust: 0.8

title: Patch for SIEMENS LOGO! 8 BM key functions lack authentication vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/241927

Trust: 0.6

title: Siemens LOGO! 8 BM Fixes for access control error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137248

Trust: 0.6

sources: CNVD: CNVD-2020-70939 // JVNDB: JVNDB-2020-014380 // CNNVD: CNNVD-202012-695

EXTERNAL IDS

db: NVD, id: CVE-2020-25228

Trust: 3.0

db: SIEMENS, id: SSA-480824

Trust: 1.6

db: ICS CERT, id: ICSA-20-343-10

Trust: 1.2

db: JVN, id: JVNVU90453244

Trust: 0.8

db: JVNDB, id: JVNDB-2020-014380

Trust: 0.8

db: CNVD, id: CNVD-2020-70939

Trust: 0.6

db: CNNVD, id: CNNVD-202012-695

Trust: 0.6

sources: CNVD: CNVD-2020-70939 // JVNDB: JVNDB-2020-014380 // CNNVD: CNNVD-202012-695 // NVD: CVE-2020-25228

REFERENCES

url: https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf

Trust: 1.6

url: https://nvd.nist.gov/vuln/detail/cve-2020-25228

Trust: 1.4

url: https://us-cert.cisa.gov/ics/advisories/icsa-20-343-10

Trust: 1.2

url: https://jvn.jp/vu/jvnvu90453244/index.html

Trust: 0.8

sources: CNVD: CNVD-2020-70939 // JVNDB: JVNDB-2020-014380 // CNNVD: CNNVD-202012-695 // NVD: CVE-2020-25228

SOURCES

db: CNVD, id: CNVD-2020-70939
db: JVNDB, id: JVNDB-2020-014380
db: CNNVD, id: CNNVD-202012-695
db: NVD, id: CVE-2020-25228

LAST UPDATE DATE

2024-11-23T21:16:41.772000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-70939, date: 2020-12-12T00:00:00
db: JVNDB, id: JVNDB-2020-014380, date: 2021-08-17T08:16:00
db: CNNVD, id: CNNVD-202012-695, date: 2020-12-24T00:00:00
db: NVD, id: CVE-2020-25228, date: 2024-11-21T05:17:42.507

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-70939, date: 2020-12-11T00:00:00
db: JVNDB, id: JVNDB-2020-014380, date: 2021-08-17T00:00:00
db: CNNVD, id: CNNVD-202012-695, date: 2020-12-08T00:00:00
db: NVD, id: CVE-2020-25228, date: 2020-12-14T21:15:19.723