Key Vulnerability Information

Advisory ID: SYSS-2019-014
Product: LOGO!
Manufacturer: Siemens
Affected Version(s): LOGO! 8 (all versions)
Tested Version(s): LOGO! 8, 6EDI052-2MD00-0BA8 FS:03, 0BA8.Standard V1.08.03
Vulnerability Type: Storing Passwords in a Recoverable Format (CWE-257)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2019-04-04
Solution Date: 2019-05-14 (recommended mitigation by manufacturer)
Public Disclosure: 2019-05-29
CVE Reference: CVE-2019-10921
Authors of Advisory: Manuel Stotz (SySS GmbH), Matthias Deeg (SySS GmbH)

Overview

Siemens LOGO! is a programmable logic controller (PLC) for small automation tasks. Passwords are stored in a recoverable format on LOGO! 8 PLCs.

Vulnerability Details

Passwords are stored in a recoverable format on LOGO! 8 PLCs, allowing an attacker to gain access to configured passwords as cleartext.

Proof of Concept (PoC)

A purpose-built Nmap script was used to extract cleartext password data from a LOGO! 8 PLC.

Solution

Apply a defense-in-depth concept, including the protection measures outlined in the system manual.

Disclosure Timeline

2019-04-04: Vulnerability reported to manufacturer
2019-05-14: Public release of Siemens Security Advisory SSA-542701
2019-05-29: Public release of SySS security advisory

References

Product website for Siemens LOGO!
SySS Security Advisories
Video: "Siemens LOGO! 8 PLC Password Hacking"

Credits

Found by Manuel Stotz of SySS GmbH