{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "LOGO! 8 BM (incl. SIPLUS variants) contains multiple vulnerabilities. These could allow an attacker to execute code remotely, put the device into a denial of service state, or change the behavior of the device.\n\nSiemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "productcert@siemens.com",
      "name": "Siemens ProductCERT",
      "namespace": "https://www.siemens.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-267056: Multiple Vulnerabilities in LOGO! 8 BM Devices - HTML Version",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-267056.html"
      },
      {
        "category": "self",
        "summary": "SSA-267056: Multiple Vulnerabilities in LOGO! 8 BM Devices - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-267056.json"
      }
    ],
    "title": "SSA-267056: Multiple Vulnerabilities in LOGO! 8 BM Devices",
    "tracking": {
      "current_release_date": "2025-11-11T00:00:00Z",
      "generator": {
        "engine": {
          "name": "Siemens ProductCERT CSAF Generator",
          "version": "1"
        }
      },
      "id": "SSA-267056",
      "initial_release_date": "2025-11-11T00:00:00Z",
      "revision_history": [
        {
          "date": "2025-11-11T00:00:00Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        }
      ],
      "status": "interim",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "LOGO! 12/24RCE (6ED1052-1MD08-0BA2)",
                  "product_id": "1",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6ED1052-1MD08-0BA2"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "LOGO! 12/24RCE (6ED1052-1MD08-0BA2)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "LOGO! 12/24RCEo (6ED1052-2MD08-0BA2)",
                  "product_id": "2",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6ED1052-2MD08-0BA2"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "LOGO! 12/24RCEo (6ED1052-2MD08-0BA2)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "LOGO! 230RCE (6ED1052-1FB08-0BA2)",
                  "product_id": "3",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6ED1052-1FB08-0BA2"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "LOGO! 230RCE (6ED1052-1FB08-0BA2)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "LOGO! 230RCEo (6ED1052-2FB08-0BA2)",
                  "product_id": "4",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6ED1052-2FB08-0BA2"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "LOGO! 230RCEo (6ED1052-2FB08-0BA2)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "LOGO! 24CE (6ED1052-1CC08-0BA2)",
                  "product_id": "5",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6ED1052-1CC08-0BA2"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "LOGO! 24CE (6ED1052-1CC08-0BA2)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "LOGO! 24CEo (6ED1052-2CC08-0BA2)",
                  "product_id": "6",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6ED1052-2CC08-0BA2"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "LOGO! 24CEo (6ED1052-2CC08-0BA2)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "LOGO! 24RCE (6ED1052-1HB08-0BA2)",
                  "product_id": "7",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6ED1052-1HB08-0BA2"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "LOGO! 24RCE (6ED1052-1HB08-0BA2)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "LOGO! 24RCEo (6ED1052-2HB08-0BA2)",
                  "product_id": "8",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6ED1052-2HB08-0BA2"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "LOGO! 24RCEo (6ED1052-2HB08-0BA2)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2)",
                  "product_id": "9",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6AG1052-1MD08-7BA2"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2)",
                  "product_id": "10",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6AG1052-2MD08-7BA2"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2)",
                  "product_id": "11",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6AG1052-1FB08-7BA2"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2)",
                  "product_id": "12",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6AG1052-2FB08-7BA2"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2)",
                  "product_id": "13",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6AG1052-1CC08-7BA2"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2)",
                  "product_id": "14",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6AG1052-2CC08-7BA2"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2)",
                  "product_id": "15",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6AG1052-1HB08-7BA2"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2)",
                  "product_id": "16",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6AG1052-2HB08-7BA2"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2)"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-40815",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Affected devices do not properly validate the structure of TCP packets in several methods. This could allow an attacker to cause buffer overflows, get control over the instruction counter and run custom code.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8",
          "9",
          "10",
          "11",
          "12",
          "13",
          "14",
          "15",
          "16"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Protect the LSC access to the device with a strong password.",
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16"
          ]
        }
      ],
      "title": "CVE-2025-40815"
    },
    {
      "cve": "CVE-2025-40816",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to manipulate the devices IP address, which means the device would not be reachable.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8",
          "9",
          "10",
          "11",
          "12",
          "13",
          "14",
          "15",
          "16"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Restrict network access to port 10006/udp to trusted IP addresses.",
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16"
          ]
        },
        {
          "category": "no_fix_planned",
          "details": "Currently no fix is planned",
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16"
          ]
        }
      ],
      "title": "CVE-2025-40816"
    },
    {
      "cve": "CVE-2025-40817",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to change time of the device, which means the device could behave differently.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8",
          "9",
          "10",
          "11",
          "12",
          "13",
          "14",
          "15",
          "16"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Restrict network access to port 10006/udp to trusted IP addresses.",
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16"
          ]
        },
        {
          "category": "no_fix_planned",
          "details": "Currently no fix is planned",
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16"
          ]
        }
      ],
      "title": "CVE-2025-40817"
    }
  ]
}