CVE-2020-25228 Vulnerability Details

  /     /     /  

CVE-2020-25228 Metadata Quick Info

CVE Published: 14/12/2020 | CVE Updated: 04/08/2024 | CVE Year: 2020
Source: siemens | Vendor: Siemens | Product: LOGO! 8 BM (incl. SIPLUS variants)
Status : PUBLISHED

---

CVE-2020-25228 Description

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). A service available on port 10005/tcp of the affected devices could allow complete access to all services without authorization. An attacker could gain full control over an affected device, if he has access to this service. The system manual recommends to protect access to this port.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-306
CWE Name: CWE-306: Missing Authentication for Critical Function
Source: Siemens

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).