Siemens LOGO! Web Server Buffer Copy Without Checking Size of Input (CVE-2020-7593)

critical Tenable OT Security Plugin ID 501665

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (V1.81.01 - V1.81.03), LOGO! 8 BM (incl. SIPLUS variants) (V1.82.01), LOGO! 8 BM (incl. SIPLUS variants) (V1.82.02). A buffer overflow vulnerability exists in the Web Server functionality of the device. A remote unauthenticated attacker could send a specially crafted HTTP request to cause a memory corruption, potentially resulting in remote code execution.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens recommends affected users update to the following versions:

LOGO! 8 BM (incl.SIPLUS varriants):

- Versions between 1.81.01 and 1.81.03: Update to v1.81.04
- Version 1.82.01: Update to v1.82.03
- Version 1.82.02: Update to v1.82.04

Siemens recommends applying defense-in-depth concepts, including the protection concept outlined in the system manual.

Siemens recommends following their general security recommendations. As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to the Siemens operational guidelines for Industrial Security and following the recommendations in the product manuals.

For additional information, please refer to Siemens Security Advisory SSA-573753.

See Also

https://cert-portal.siemens.com/productcert/pdf/ssa-573753.pdf

http://www.nessus.org/u?604f9512

https://www.cisa.gov/news-events/ics-advisories/icsa-20-196-08

Plugin Details

Severity: Critical

ID: 501665

Version: 1.6

Type: remote

Family: Tenable.ot

Published: 9/21/2023

Updated: 9/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-7593

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:logo%21_8_bm_firmware, cpe:/o:siemens:logo%21_8_bm_firmware:1.82.02, cpe:/o:siemens:logo%21_8_bm_firmware:1.82.01

Required KB Items: Tenable.ot/Siemens

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/14/2020

Vulnerability Publication Date: 7/14/2020

Reference Information

CVE: CVE-2020-7593

CWE: 120

ICSA: 20-196-08