Vulnerability: Reverse Engineering of Password Protected User-Defined Functions in LOGO! 8 BM and LOGO! Soft Comfort

Vulnerability: Reverse Engineering of Password Protected User-Defined Functions in LOGO! 8 BM and LOGO! Soft Comfort

CVE-2020-25234 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The LOGO! program files generated and used by the affected components offer the possibility to save user-defined functions (UDF) in a password protected way. This protection is implemented in the software that displays the information. An attacker could reverse engineer the UDFs directly from stored program files.

Learn more about our User Device Pen Test.