Man-in-the-middle attack in LOGO! Soft Comfort - CVE-2017-12740
Published: December 22, 2017 / Updated: February 13, 2018
Vulnerability identifier: #VU9701
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2017-12740
CWE-ID: CWE-300
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Siemens
Affected software:
LOGO! Soft Comfort
LOGO! Soft Comfort
Detailed vulnerability description
The vulnerability allows a remote attacker to conduct man-in-the-middle attack.
The weakness exists due to lack of integrity verification on software packages downloaded via an unprotected communication channel. A remote attacker can use man-in-the-middle technique and manipulate the software package.
The weakness exists due to lack of integrity verification on software packages downloaded via an unprotected communication channel. A remote attacker can use man-in-the-middle technique and manipulate the software package.
How to mitigate CVE-2017-12740
Update to version 8.2.