A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Due to the usage of an insecure random number generation function and a deprecated cryptographic function, an attacker could extract the key that is used when communicating with an affected device on port 8080/tcp. Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25232 Reference (s):
- https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf
- URL: https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf