Full Report
LOGO! V8.3 BM (incl. SIPLUS variants) devices contain a plaintext password storage vulnerability. This could allow an attacker with physical access to an affected device to extract user-set passwords from an embedded storage IC. Siemens has released new hardware versions with the LOGO! V8.4 BM and the SIPLUS LOGO! V8.4 BM product families for all affected devices in which the vulnerability is fixed. See the chapter “Additional Information” below for more details.
Analysis Summary
# Vulnerability: Plaintext Password Storage in Siemens LOGO! V8.3 BM
## CVE Details
- **CVE ID:** CVE-2024-39922
- **CVSS Score:** CVSS v3.1: 4.6 (Medium); CVSS v4.0: 5.1 (Medium)
- **CWE:** CWE-256: Plaintext Storage of a Password
## Affected Systems
- **Products:**
  - LOGO! V8.3 BM (Basic Module)
  - SIPLUS LOGO! V8.3 BM (variants for extreme environmental conditions)
- **Versions:** All versions of the V8.3 product family. Specific hardware models include:
  - 12/24RCE & 12/24RCEo
  - 230RCE & 230RCEo
  - 24CE & 24CEo
  - 24RCE & 24RCEo
- **Configurations:** Devices where user-set passwords have been configured.
## Vulnerability Description
Affected devices store user-defined passwords in plaintext within an internal embedded storage Integrated Circuit (IC). The flaw allows for the recovery of sensitive credentials because the data is not encrypted or hashed before being committed to non-volatile memory.
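To make the CWE-256 distinction concrete, the following added example (not Siemens code and not the LOGO! storage format) writes a credential record to a constructed storage image in two ways: as-is, and as a salted PBKDF2 record. It then checks whether the password is visible in the raw image. The record layouts, function names, iteration count and sample password are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

ITERATIONS = 200_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)


def store_plaintext(password: str) -> bytes:
    """CWE-256 pattern: length-prefixed password written as-is."""
    raw = password.encode()
    return struct.pack("<H", len(raw)) + raw


def store_hashed(password: str) -> bytes:
    """Hardened pattern: iterations (4 B) | salt (16 B) | derived key (32 B)."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return struct.pack("<I", ITERATIONS) + salt + dk


def verify_hashed(record: bytes, candidate: str) -> bool:
    """Recompute the key from the stored salt and compare in constant time."""
    (iters,) = struct.unpack_from("<I", record)
    salt, stored = record[4:20], record[20:52]
    dk = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, iters)
    return hmac.compare_digest(dk, stored)


def build_image(record: bytes) -> bytes:
    """Constructed 256-byte image: 0xFF erased-flash filler around one record."""
    return (b"\xff" * 64 + record).ljust(256, b"\xff")


def image_leaks(image: bytes, password: str) -> bool:
    """Self-audit: does the raw storage image contain the password verbatim?"""
    return password.encode() in image


if __name__ == "__main__":
    pw = "Pump-Station-7!"  # constructed sample password
    hashed = store_hashed(pw)
    print("plaintext record leaks:", image_leaks(build_image(store_plaintext(pw)), pw))
    print("hashed record leaks:   ", image_leaks(build_image(hashed), pw))
    print("login still verifies:  ", verify_hashed(hashed, pw))
```

A salted hash removes the verbatim password from the image but still permits offline guessing of weak passwords, so the physical access controls listed under Workarounds remain relevant.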
## Exploitation
- **Status:** PoC available (indicated by CVSS "Exploit Code Maturity: Proof-of-Concept").
- **Complexity:** Low
- **Attack Vector:** Physical (Requires direct physical access to the device hardware to interface with the storage IC).
## Impact
- **Confidentiality:** High (Full extraction of user-set passwords).
- **Integrity:** None
- **Availability:** None
## Remediation
### Patches
There is no software patch for existing V8.3 hardware. Siemens has addressed this vulnerability by releasing **new hardware versions** (V8.4). Users must upgrade to the following product families to resolve the flaw:
- **LOGO! V8.4 BM** (Part numbers ending in -0BA2)
- **SIPLUS LOGO! V8.4 BM** (Part numbers ending in -7BA2)
### Workarounds
- Protect the device from unauthorized physical access.
- Deploy devices in locked cabinets or restricted-access areas.
- Adhere to the Siemens "Defense-in-Depth" security concept.
## Detection
- **Indicators of Compromise:** Hard to detect via software as exploitation occurs at the physical hardware layer.
- **Detection Methods:** Inspect device physical security for signs of tampering or unauthorized connection to internal IC pins.
## References
- **Vendor Advisory:** hxxps://cert-portal[.]siemens[.]com/productcert/html/ssa-921449[.]html
- **Siemens ProductCERT:** hxxps://www[.]siemens[.]com/cert/advisories