Sign-up

ID

VAR-202012-0524


CVE

CVE-2020-25233


TITLE

LOGO! 8 BM  Vulnerability in using hard-coded encryption keys in

Trust: 0.8

sources: JVNDB: JVNDB-2020-014385

DESCRIPTION

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The firmware update of affected devices contains the private RSA key that is used as a basis for encryption of communication with the device. Siemens LOGO! 8 BM is a programming software for the Windows platform in an industrial environment from Siemens in Germany

Trust: 2.25

sources: NVD: CVE-2020-25233 // JVNDB: JVNDB-2020-014385 // CNVD: CNVD-2020-70935 // VULMON: CVE-2020-25233

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-70935

AFFECTED PRODUCTS

vendor:siemensmodel:logo\! 8 bmscope:ltversion:8.3

Trust: 1.0

vendor:シーメンスmodel:logo! 8 bmscope:eqversion: -

Trust: 0.8

vendor:シーメンスmodel:logo! 8 bmscope:eqversion:logo! 8 bm firmware 8.3

Trust: 0.8

vendor:siemensmodel:logo! bmscope:eqversion:8<v8.3

Trust: 0.6

vendor:siemensmodel:logo! soft comfortscope:ltversion:v8.3

Trust: 0.6

sources: CNVD: CNVD-2020-70935 // JVNDB: JVNDB-2020-014385 // NVD: CVE-2020-25233

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-25233
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-25233
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-70935
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202012-690
value: MEDIUM

Trust: 0.6

VULMON: CVE-2020-25233
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-25233
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2020-70935
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-25233
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-25233
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-70935 // VULMON: CVE-2020-25233 // JVNDB: JVNDB-2020-014385 // CNNVD: CNNVD-202012-690 // NVD: CVE-2020-25233

PROBLEMTYPE DATA

problemtype:CWE-321

Trust: 1.0

problemtype:Use of hard-coded encryption key (CWE-321) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-014385 // NVD: CVE-2020-25233

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202012-690

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202012-690

PATCH

title:SSA-480824url:https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf

Trust: 0.8

title:Patch for Siemens LOGO! 8 BM hard-coded encryption key vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/241933

Trust: 0.6

title:Siemens LOGO! 8 BM Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137243

Trust: 0.6

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=f3a88c98e8c3a713108cc327ec0a3921

Trust: 0.1

title:CVE-2020-25233url:https://github.com/twentybel0w/CVE-2020-25233

Trust: 0.1

sources: CNVD: CNVD-2020-70935 // VULMON: CVE-2020-25233 // JVNDB: JVNDB-2020-014385 // CNNVD: CNNVD-202012-690

EXTERNAL IDS

db:NVDid:CVE-2020-25233

Trust: 3.1

db:SIEMENSid:SSA-480824

Trust: 1.7

db:ICS CERTid:ICSA-20-343-10

Trust: 1.2

db:JVNid:JVNVU90453244

Trust: 0.8

db:JVNDBid:JVNDB-2020-014385

Trust: 0.8

db:CNVDid:CNVD-2020-70935

Trust: 0.6

db:CNNVDid:CNNVD-202012-690

Trust: 0.6

db:VULMONid:CVE-2020-25233

Trust: 0.1

sources: CNVD: CNVD-2020-70935 // VULMON: CVE-2020-25233 // JVNDB: JVNDB-2020-014385 // CNNVD: CNNVD-202012-690 // NVD: CVE-2020-25233

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-25233

Trust: 1.4

url:https://us-cert.cisa.gov/ics/advisories/icsa-20-343-10

Trust: 1.2

url:https://jvn.jp/vu/jvnvu90453244/index.html

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/321.html

Trust: 0.1

url:https://github.com/twentybel0w/cve-2020-25233

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://cert-portal.siemens.com/productcert/txt/ssa-480824.txt

Trust: 0.1

sources: CNVD: CNVD-2020-70935 // VULMON: CVE-2020-25233 // JVNDB: JVNDB-2020-014385 // CNNVD: CNNVD-202012-690 // NVD: CVE-2020-25233

SOURCES

db:CNVDid:CNVD-2020-70935
db:VULMONid:CVE-2020-25233
db:JVNDBid:JVNDB-2020-014385
db:CNNVDid:CNNVD-202012-690
db:NVDid:CVE-2020-25233

LAST UPDATE DATE

2024-11-23T21:26:24.476000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-70935date:2020-12-12T00:00:00
db:VULMONid:CVE-2020-25233date:2020-12-16T00:00:00
db:JVNDBid:JVNDB-2020-014385date:2021-08-17T08:16:00
db:CNNVDid:CNNVD-202012-690date:2020-12-24T00:00:00
db:NVDid:CVE-2020-25233date:2024-11-21T05:17:43.290

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-70935date:2020-12-12T00:00:00
db:VULMONid:CVE-2020-25233date:2020-12-14T00:00:00
db:JVNDBid:JVNDB-2020-014385date:2021-08-17T00:00:00
db:CNNVDid:CNNVD-202012-690date:2020-12-08T00:00:00
db:NVDid:CVE-2020-25233date:2020-12-14T21:15:20.050