![]() ![]() CVE-2019-10920 – Use of hard-coded cryptographic key (the aforementioned configured passwords are, for example, encrypted with it).CVE-2019-10919 – Missing authentication for critical functions (getting profile information containing sensitive data such as different configured passwords, setting passwords) which could allow the attacker to perform device reconfigurations and obtain project files.The vulnerabilities, discovered and reported by Manuel Stotz and Matthias Deeg from German pentesting outfit SySS GmbH, are three: It is deployed worldwide and can be controlled remotely. LOGO! is an intelligent logic module meant for small automation projects in industrial (control of compressors, conveyer belts, door control, etc.), office/commercial and home settings (lighting control, pool-related control tasks, access control, etc.). LOGO!, a programmable logic controller (PLC) manufactured by Siemens, sports three vulnerabilities that could allow remote attackers to reconfigure the device, access project files, decrypt files, and access passwords.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |