Siemens has plugged a man-in-the-middle vulnerability in its LOGO!8 BM FS-05 industrial automation hardware – but a second remains unpatched.
The vulnerabilities were turned up by German researcher Maxim Rupp.
According to Siemens' advisory, CVE-2017-12734 can be exploited by an attacker to sniff the session ID from an active user session.
If the device's admin web server is visible from the internet and a user is logged in, that would allow a remote attacker to hijack the admin session. The equipment maker notes that the admin interface should be restricted to trusted networks. All versions of LOGO!8 BM older than 1.18.2 are vulnerable and need a firmware update.
The second vulnerability, CVE-2017-12735, is the one that remains unpatched. It is predominantly a local risk: an attacker on the network could perform a MITM attack between a LOGO! BM unit and other devices on that network.
In the absence of a fix, Siemens provides configuration instructions which include using a VPN to protect traffic between cells in the network.
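The two advisories boil down to three checks an asset owner can run against a device inventory: is the firmware older than 1.18.2 (CVE-2017-12734), is the admin web interface sitting on a trusted network, and is LOGO! traffic between cells protected, since CVE-2017-12735 has no fix. The script below is an added example, not Siemens' or The Register's code; it encodes only what the article states. The inventory records, the trusted network ranges and the `cell_protected` flag (standing in for "traffic between cells runs over a VPN") are constructed for the example, and "admin address inside a trusted range" is used as a simplification of "not visible from the internet". It also shows why the version check must be numeric rather than a string comparison.

```python
"""Inventory triage for the two LOGO!8 BM advisories described above.

Added example, not Siemens' or The Register's code. Facts used, all from the
article: firmware older than 1.18.2 is affected by CVE-2017-12734 (fixed in
1.18.2); CVE-2017-12735 has no firmware fix and is mitigated by protecting
traffic between cells (e.g. a VPN); the admin web interface should only be
reachable from trusted networks. Inventory data below is constructed.
"""
import ipaddress
from dataclasses import dataclass

FIXED_VERSION = (1, 18, 2)  # first firmware with the CVE-2017-12734 fix


def parse_version(text: str) -> tuple:
    """Turn '1.18.2' into (1, 18, 2) so versions compare numerically.

    A plain string comparison gets this wrong: '1.8.1' > '1.18.2' as strings,
    so a device on 1.8.1 would be misreported as already patched.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in parts)


def needs_firmware_update(version: str) -> bool:
    """True when the firmware predates the 1.18.2 fix for CVE-2017-12734."""
    return parse_version(version) < FIXED_VERSION


@dataclass
class Device:
    name: str
    admin_ip: str          # address the admin web server listens on
    firmware: str
    cell_protected: bool   # assumed field: LOGO! traffic to peers runs inside a VPN/cell


def triage(devices, trusted_networks):
    """Return {device name: [issues]} for an inventory of LOGO!8 BM units."""
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    findings = {}
    for d in devices:
        issues = []
        if needs_firmware_update(d.firmware):
            issues.append("CVE-2017-12734: update firmware to 1.18.2 or later")
        # Admin interface should be restricted to trusted networks.
        if not any(ipaddress.ip_address(d.admin_ip) in n for n in nets):
            issues.append("admin web interface not on a trusted network")
        # No fix exists for CVE-2017-12735; the mitigation is configuration.
        if not d.cell_protected:
            issues.append("CVE-2017-12735: no fix available; protect traffic between cells (e.g. VPN)")
        findings[d.name] = issues
    return findings


# Constructed sample inventory; addresses and names are not real devices.
SAMPLE_DEVICES = [
    Device("gate-control", "203.0.113.10", "1.8.1", cell_protected=False),
    Device("plant-cell-A", "10.20.0.5", "1.18.2", cell_protected=True),
    Device("plant-cell-B", "10.20.0.6", "1.17.0", cell_protected=True),
]
TRUSTED_NETWORKS = ["10.20.0.0/16"]

if __name__ == "__main__":
    for name, issues in triage(SAMPLE_DEVICES, TRUSTED_NETWORKS).items():
        print(name, "->", issues or ["ok"])
```

The `gate-control` entry is the article's domestic scenario: old firmware, admin interface on a public address, no protected cell, so it collects all three findings, while the patched plant unit on the trusted range reports clean.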
The Register notes that such fixes are more likely to be applied in industrial and commercial environments that have IT and security teams. However, Siemens also pitches the at-risk units at domestic uses, gate controls for example, where there may be no dedicated IT person to apply updates, so the upgrades are less likely to happen.