<p>LOGO! V8.3 BM (incl. SIPLUS variants) devices contain a vulnerability that could allow an electromagnetic fault injection. This could allow an attacker to dump and debug the firmware, including the manipulation of memory. Further actions could allow to inject public keys of custom created key pairs which are then signed by the LOGO! V8.3 Product CA.</p>
<p>The vulnerability is related to the specific hardware architecture of the LOGO! V8.3 BM. Siemens has released new hardware versions with the LOGO! V8.4 BM and the SIPLUS LOGO! V8.4 BM product families for all affected devices in which the vulnerability is fixed and the Product CA private key is rotated. See the chapter “Additional Information” below for more details.</p>
<p>For more information please also refer to the related product support article: <a href="https://support.industry.siemens.com/cs/ww/en/view/109826554/" class="uri">https://support.industry.siemens.com/cs/ww/en/view/109826554/</a>.</p>
Source link
