Critical Vulnerabilities Expose Siemens LOGO! Controllers to Attacks

12 Jun 2020 OODA Analyst

Siemens has disclosed critical bugs that affect its LOGO! programmable logic controllers. The vulnerabilities can be exploited remotely and used to launch denial-of-service attacks. Siemens stated that the flaws impact all versions of the devices, which can be compromised when an attacker modifies the device’s configuration. LOGO! devices are designed for basic control tasks; however, SIPLUS versions, which are designed for more extreme conditions, are also impacted by the vulnerabilities.

Siemens, a German industrial giant, has not released patches for the vulnerabilities. Instead, the company told customers they can reduce exploitation risks by applying defense-in-depth measures. The vulnerabilities can be exploited without user interaction by an unauthenticated attacker who has network access. Earlier this week, Siemens and CISA both released advisories on the critical vulnerabilities.

