VAR-201708-1137
Vulnerability from variot - Updated: 2023-12-18 12:37

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). An attacker who performs a Man-in-the-Middle attack between the LOGO! BM and other devices could potentially decrypt and modify network traffic. The Siemens LOGO! device contains an access control vulnerability. Information may be obtained and information may be altered. LOGO!8 is the 8th generation intelligent logic controller of Siemens. It is the NanoPLC in the Siemens PLC family. It simplifies programming and configuration, its integrated panel can display more content, and it can be easily and efficiently interconnected through the integrated Ethernet interface. Successfully exploiting this issue may allow attackers to bypass certain security restrictions and perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1137",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "logo\\! 8 bm",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "8.3"
},
{
"model": "logo! 8 bm",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "logo!8 bm",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "logo\\!8 bm",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "logo!8 bm fs-05",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "logo 8 bm",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "29fab2f5-9e11-4346-ac56-489f82c76976"
},
{
"db": "CNVD",
"id": "CNVD-2017-24121"
},
{
"db": "BID",
"id": "100561"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007570"
},
{
"db": "NVD",
"id": "CVE-2017-12735"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1271"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:logo\\!_8_bm_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:logo\\!:12\\/24rce:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:logo\\!:24ce:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:logo\\!:24rce:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:logo\\!:230rce:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12735"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Maxim Rupp",
"sources": [
{
"db": "BID",
"id": "100561"
}
],
"trust": 0.3
},
"cve": "CVE-2017-12735",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-12735",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2017-24121",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "29fab2f5-9e11-4346-ac56-489f82c76976",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-103287",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.4,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-12735",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-12735",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-24121",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1271",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "29fab2f5-9e11-4346-ac56-489f82c76976",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-103287",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "29fab2f5-9e11-4346-ac56-489f82c76976"
},
{
"db": "CNVD",
"id": "CNVD-2017-24121"
},
{
"db": "VULHUB",
"id": "VHN-103287"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007570"
},
{
"db": "NVD",
"id": "CVE-2017-12735"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1271"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions \u003c V8.3). An attacker who performs a Man-in-the-Middle attack between the LOGO! BM and other devices could potentially decrypt and modify network traffic. Siemens LOGO! The device contains an access control vulnerability.Information may be obtained and information may be altered. LOGO!8 is the 8th generation intelligent logic controller of Siemens. It is the NanoPLC in the Siemens PLC family. It simplifies the programming configuration, the integrated panel can display more content, and can be easily integrated efficiently through the integrated Ethernet interface. interconnected. \nSuccessfully exploiting this issue may allow attackers to bypass certain security restrictions and perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12735"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007570"
},
{
"db": "CNVD",
"id": "CNVD-2017-24121"
},
{
"db": "BID",
"id": "100561"
},
{
"db": "IVD",
"id": "29fab2f5-9e11-4346-ac56-489f82c76976"
},
{
"db": "VULHUB",
"id": "VHN-103287"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12735",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-087240",
"trust": 2.6
},
{
"db": "BID",
"id": "100561",
"trust": 2.0
},
{
"db": "ICS CERT",
"id": "ICSA-17-243-02",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1271",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-24121",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007570",
"trust": 0.8
},
{
"db": "IVD",
"id": "29FAB2F5-9E11-4346-AC56-489F82C76976",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-103287",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "29fab2f5-9e11-4346-ac56-489f82c76976"
},
{
"db": "CNVD",
"id": "CNVD-2017-24121"
},
{
"db": "VULHUB",
"id": "VHN-103287"
},
{
"db": "BID",
"id": "100561"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007570"
},
{
"db": "NVD",
"id": "CVE-2017-12735"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1271"
}
]
},
"id": "VAR-201708-1137",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "29fab2f5-9e11-4346-ac56-489f82c76976"
},
{
"db": "CNVD",
"id": "CNVD-2017-24121"
},
{
"db": "VULHUB",
"id": "VHN-103287"
}
],
"trust": 1.6913690200000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "29fab2f5-9e11-4346-ac56-489f82c76976"
},
{
"db": "CNVD",
"id": "CNVD-2017-24121"
}
]
},
"last_update_date": "2023-12-18T12:37:14.659000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-087240",
"trust": 0.8,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-087240.pdf"
},
{
"title": "Siemens LOGO!8 BM Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74459"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007570"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1271"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-300",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-103287"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007570"
},
{
"db": "NVD",
"id": "CVE-2017-12735"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/100561"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-087240.pdf"
},
{
"trust": 1.5,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-087240.pdf"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-243-02"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12735"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12735"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-17-243-02"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24121"
},
{
"db": "VULHUB",
"id": "VHN-103287"
},
{
"db": "BID",
"id": "100561"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007570"
},
{
"db": "NVD",
"id": "CVE-2017-12735"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1271"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "29fab2f5-9e11-4346-ac56-489f82c76976"
},
{
"db": "CNVD",
"id": "CNVD-2017-24121"
},
{
"db": "VULHUB",
"id": "VHN-103287"
},
{
"db": "BID",
"id": "100561"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007570"
},
{
"db": "NVD",
"id": "CVE-2017-12735"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1271"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-31T00:00:00",
"db": "IVD",
"id": "29fab2f5-9e11-4346-ac56-489f82c76976"
},
{
"date": "2017-08-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-24121"
},
{
"date": "2017-08-30T00:00:00",
"db": "VULHUB",
"id": "VHN-103287"
},
{
"date": "2017-08-30T00:00:00",
"db": "BID",
"id": "100561"
},
{
"date": "2017-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007570"
},
{
"date": "2017-08-30T19:29:00.320000",
"db": "NVD",
"id": "CVE-2017-12735"
},
{
"date": "2017-08-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1271"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-24121"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-103287"
},
{
"date": "2017-08-30T00:00:00",
"db": "BID",
"id": "100561"
},
{
"date": "2017-12-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007570"
},
{
"date": "2020-12-23T18:29:10.487000",
"db": "NVD",
"id": "CVE-2017-12735"
},
{
"date": "2020-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1271"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1271"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens LOGO!8 BM Man-in-the-middle attack vulnerability",
"sources": [
{
"db": "IVD",
"id": "29fab2f5-9e11-4346-ac56-489f82c76976"
},
{
"db": "CNVD",
"id": "CNVD-2017-24121"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1271"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.