A vulnerability has been identified in LOGO! 12/24RCE (All versions), LOGO! 12/24RCEo (All versions), LOGO! 230RCE (All versions), LOGO! 230RCEo (All versions), LOGO! 24CE (All versions), LOGO! 24CEo (All versions), LOGO! 24RCE (All versions), LOGO! 24RCEo (All versions), SIPLUS LOGO! 12/24RCE (All versions), SIPLUS LOGO! 12/24RCEo (All versions), SIPLUS LOGO! 230RCE (All versions), SIPLUS LOGO! 230RCEo (All versions), SIPLUS LOGO! 24CE (All versions), SIPLUS LOGO! 24CEo (All versions), SIPLUS LOGO! 24RCE (All versions), SIPLUS LOGO! 24RCEo (All versions). Affected devices do not properly validate the structure of TCP packets in several methods. This could allow an attacker to cause buffer overflows, get control over the instruction counter and run custom code.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-955858.pdf | Patch Vendor Advisory |
Configurations
History
12 Dec 2023, 12:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) A vulnerability has been identified in LOGO! 12/24RCE (All versions), LOGO! 12/24RCEo (All versions), LOGO! 230RCE (All versions), LOGO! 230RCEo (All versions), LOGO! 24CE (All versions), LOGO! 24CEo (All versions), LOGO! 24RCE (All versions), LOGO! 24RCEo (All versions), SIPLUS LOGO! 12/24RCE (All versions), SIPLUS LOGO! 12/24RCEo (All versions), SIPLUS LOGO! 230RCE (All versions), SIPLUS LOGO! 230RCEo (All versions), SIPLUS LOGO! 24CE (All versions), SIPLUS LOGO! 24CEo (All versions), SIPLUS LOGO! 24RCE (All versions), SIPLUS LOGO! 24RCEo (All versions). Affected devices do not properly validate the structure of TCP packets in several methods. This could allow an attacker to cause buffer overflows, get control over the instruction counter and run custom code. |
12 Dec 2023, 10:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). Affected devices do not properly validate the structure of TCP packets in several methods. This could allow an attacker to cause buffer overflows, get control over the instruction counter and run custom code. |
12 Oct 2022, 13:28
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:siemens:logo\!8_bm_fs-05_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:logo\!8_bm:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:logo\!8_bm_fs-05:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:logo\!_8_bm_firmware:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
First Time |
Siemens logo\! 8 Bm Firmware
Siemens logo\!8 Bm Fs-05 Siemens logo\!8 Bm Fs-05 Firmware Siemens logo\!8 Bm Siemens |
|
References | (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-955858.pdf - Patch, Vendor Advisory |
11 Oct 2022, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-10-11 11:15
Updated : 2023-12-12 12:15
NVD link : CVE-2022-36361
Mitre link : CVE-2022-36361
CVE.ORG link : CVE-2022-36361
JSON object : View
Products Affected
siemens
- logo\!8_bm_fs-05
- logo\!8_bm_fs-05_firmware
- logo\!_8_bm_firmware
- logo\!8_bm
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')