The NCCIC has published an advisory on missing authentication for critical function, improper handling of extra values, and plaintext storage of a password vulnerabilities in Siemens LOGO!8 BM. All versions are affected. Successful exploitation of these vulnerabilities could allow device reconfiguration, access to project files, decryption of files, and access to passwords. Siemens recommends a series of mitigations to address the vulnerabilities. The NCCIC has also provided a series of measures to address the vulnerabilities. Read the advisory at NCCIC/ICS-CERT.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!