Alexander Perez-Palma of Cisco Talos and Emanuel Almeida of Cisco Systems discovered these vulnerabilities. Blog by Jon Munshaw.
Update (July 15, 2020): Siemens patched another vulnerability that affects the LOGO! PLC's web server. CVE-2020-7593 could allow an adversary to execute remote code on the victim machine and was assigned a severity score of 10 out of 10.
Cisco researchers recently discovered several vulnerabilities in the Siemens LOGO! PLC. The LOGO! allows users to control various automation projects, such as industrial control systems and other commercial and home settings. The product contains several vulnerabilities that an adversary could use to carry out a variety of malicious activities.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Siemens to ensure that these issues are resolved and that an update is available for affected customers.
Vulnerability details Siemens LOGO! TDE service "NFSAccess" delete denial-of-service vulnerability (TALOS-2020-1024/CVE-2020-7589)
An exploitable denial-of-service vulnerability exists in the TDE service functionality of Siemens LOGO! 1.82.02, 12/24RCE Version 0BA and 230RCE Version 0BA. A specially crafted network request can cause be used to delete critical system data resulting in a denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability.
Read the complete vulnerability advisory here for additional information.
Siemens LOGO! TDE service "DELETEPROG" denial-of-service vulnerability (TALOS-2020-1025/CVE-2020-7589)
An exploitable denial-of-service vulnerability exists in the TDE service functionality of Siemens LOGO! 1.82.02, 12/24RCE Version 0BA and 230RCE Version 0BA. A specially crafted network request can cause erased information resulting in a denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability.
Read the complete vulnerability advisory here for additional information.
Siemens LOGO! TDE service "NFSAccess" upload file write vulnerability (TALOS-2020-1026/CVE-2020-7589)
An exploitable file write vulnerability exists in the TDE service functionality of Siemens LOGO! 1.82.02, 12/24RCE Version 0BA and 230RCE Version 0BA. A specially crafted network request can upload or overwrite file content to the local SD card. An attacker can send a sequence of malicious packets to trigger this vulnerability.
Read the complete vulnerability advisory here for additional information.
Siemens LOGO! web server code execution vulnerability (TALOS-2020-1069/CVE-2020-7593)
An exploitable code execution vulnerability exists in the Web Server functionality of Siemens LOGO! 1.82.02, 12/24RCE Version 0BA and 230RCE Version 0BA. A specially crafted HTTP request can cause a memory corruption resulting in code execution. An attacker can send an unauthenticated packet to trigger this vulnerability.
Read the complete vulnerability advisory here for additional information.
Versions tested Talos tested and confirmed that these vulnerabilities the Siemens LOGO! 1.82.02, the LOGO! 12/24RCE, version 0BA and the LOGO! 230RCE, version 0BA.
Coverage The following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.
Snort Rules: 53441 - 53445, 53484