Details of VAR-202012-0520

ID

VAR-202012-0520

CVE

CVE-2020-25231

TITLE

LOGO! 8 BM and LOGO! Soft Comfort Vulnerability in Using Hard Coded Credentials

Trust: 0.8

sources: JVNDB: JVNDB-2020-014383

DESCRIPTION

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The encryption of program data for the affected devices uses a static key. An attacker could use this key to extract confidential information from protected program files. Siemens LOGO! 8 BM is a programming software for the Windows platform in an industrial environment from Siemens in Germany. Attackers can use the vulnerability to make unauthorized password or configuration changes to any affected device

Trust: 2.16

sources: NVD: CVE-2020-25231 // JVNDB: JVNDB-2020-014383 // CNVD: CNVD-2020-70924

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-70924

AFFECTED PRODUCTS

vendor:	siemens	model:	logo\! 8 bm	scope:	lt	version:	8.3	Trust: 1.0
vendor:	siemens	model:	logo\! soft comfort	scope:	lt	version:	8.3	Trust: 1.0
vendor:	シーメンス	model:	logo! 8 bm	scope:	eq	version:	-	Trust: 0.8
vendor:	シーメンス	model:	logo! 8 bm	scope:	eq	version:	siemens logo! soft comfort 8.3	Trust: 0.8
vendor:	シーメンス	model:	logo! 8 bm	scope:	eq	version:	logo! 8 bm firmware 8.3	Trust: 0.8
vendor:	siemens	model:	logo! bm	scope:	eq	version:	8<v8.3	Trust: 0.6
vendor:	siemens	model:	logo! soft comfort	scope:	lt	version:	v8.3	Trust: 0.6

sources: CNVD: CNVD-2020-70924 // JVNDB: JVNDB-2020-014383 // NVD: CVE-2020-25231

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-25231
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-25231
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-70924
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202012-699
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-25231
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-70924
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-25231
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-25231
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-70924 // JVNDB: JVNDB-2020-014383 // CNNVD: CNNVD-202012-699 // NVD: CVE-2020-25231

PROBLEMTYPE DATA

problemtype:	CWE-798	Trust: 1.0
problemtype:	CWE-321	Trust: 1.0
problemtype:	Using hardcoded credentials (CWE-798) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-014383 // NVD: CVE-2020-25231

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202012-699

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202012-699

PATCH

title:	SSA-480824	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf	Trust: 0.8
title:	Patch for Siemens LOGO! 8 BM Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/241924	Trust: 0.6
title:	Siemens LOGO! 8 BM Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137251	Trust: 0.6

sources: CNVD: CNVD-2020-70924 // JVNDB: JVNDB-2020-014383 // CNNVD: CNNVD-202012-699

EXTERNAL IDS

db:	NVD	id:	CVE-2020-25231	Trust: 3.0
db:	SIEMENS	id:	SSA-480824	Trust: 1.6
db:	ICS CERT	id:	ICSA-20-343-10	Trust: 1.2
db:	JVN	id:	JVNVU90453244	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-014383	Trust: 0.8
db:	CNVD	id:	CNVD-2020-70924	Trust: 0.6
db:	CNNVD	id:	CNNVD-202012-699	Trust: 0.6

sources: CNVD: CNVD-2020-70924 // JVNDB: JVNDB-2020-014383 // CNNVD: CNNVD-202012-699 // NVD: CVE-2020-25231

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-25231	Trust: 1.4
url:	https://us-cert.cisa.gov/ics/advisories/icsa-20-343-10	Trust: 1.2
url:	https://jvn.jp/vu/jvnvu90453244/index.html	Trust: 0.8

sources: CNVD: CNVD-2020-70924 // JVNDB: JVNDB-2020-014383 // CNNVD: CNNVD-202012-699 // NVD: CVE-2020-25231

SOURCES

db:	CNVD	id:	CNVD-2020-70924
db:	JVNDB	id:	JVNDB-2020-014383
db:	CNNVD	id:	CNNVD-202012-699
db:	NVD	id:	CVE-2020-25231

LAST UPDATE DATE

2024-11-23T20:47:23.496000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-70924	date:	2020-12-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-014383	date:	2021-08-17T08:16:00
db:	CNNVD	id:	CNNVD-202012-699	date:	2020-12-24T00:00:00
db:	NVD	id:	CVE-2020-25231	date:	2024-11-21T05:17:42.980

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-70924	date:	2020-12-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-014383	date:	2021-08-17T00:00:00
db:	CNNVD	id:	CNNVD-202012-699	date:	2020-12-08T00:00:00
db:	NVD	id:	CVE-2020-25231	date:	2020-12-14T21:15:19.927