Man-in-the-middle in Siemens LOGO! Soft Comfort

Published: 2017-12-22 13:03:11
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
CVE ID: CVE-2017-12740
CVSSv3: 5.3 [CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C]
CWE ID: CWE-300
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #1 is available.
Vulnerable software: LOGO! Soft Comfort
Vulnerable software versions: LOGO! Soft Comfort -
Vendor URL: Siemens

Security Advisory

1) Man-in-the-middle attack

Description

The vulnerability allows a remote attacker to conduct a man-in-the-middle attack.

The weakness exists due to a lack of integrity verification on software packages downloaded via an unprotected communication channel. A remote attacker can use a man-in-the-middle technique to manipulate the software package.

Remediation

Update to version 8.2.

External links

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-888929.pdf
