Multiple vulnerabilities in Siemens LOGO Soft Comfort

Published: 2021-04-14

Risk	Medium
Patch available	NO
Number of vulnerabilities	2
CVE-ID	CVE-2020-25243 CVE-2020-25244
CWE-ID	CWE-22 CWE-427
Exploitation vector	Network
Public exploit	N/A
Vulnerable software Subscribe	LOGO! Soft Comfort Client/Desktop applications / Other client software
Vendor	Siemens

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Path traversal

EUVDB-ID: #VU52211

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:U/RC:C]

CVE-ID: CVE-2020-25243

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error while importing a compromised project file. A remote attacker can send a specially crafted HTTP request, leading to the execution of commands on the system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

LOGO! Soft Comfort: All versions

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-103-09
http://cert-portal.siemens.com/productcert/pdf/ssa-983300.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Insecure DLL loading

EUVDB-ID: #VU52212

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2020-25244

CWE-ID: CWE-427 - Uncontrolled Search Path Element