CVE-2020-25236
Published 2021-03-15
Priority P4 · 24 · medium · 5.5 (CVSS 3.1)
AV:L / AC:L / PR:L / UI:N / S:U / C:N / I:N / A:H
EPSS: 0.27% (17.9th percentile)
A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). The control logic (CL) the LOGO! 8 executes could be manipulated in a way that could cause the device
executing the CL to improperly handle the manipulation and crash. After successful execution of the attack, the device needs to be manually reset.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | logo!_12_24rce | < * | * |
| siemens | logo!_12_24rceo | < * | * |
| siemens | logo!_230rce | < * | * |
| siemens | logo!_230rceo | < * | * |
| siemens | logo!_24ce | < * | * |
| siemens | logo!_24ceo | < * | * |
| siemens | logo!_24rce | < * | * |
| siemens | logo!_24rceo | < * | * |
| siemens | siplus_logo!_12_24rce | < * | * |
| siemens | siplus_logo!_12_24rceo | < * | * |
| siemens | siplus_logo!_230rce | < * | * |
| siemens | siplus_logo!_230rceo | < * | * |
| siemens | siplus_logo!_24ce | < * | * |
| siemens | siplus_logo!_24ceo | < * | * |
| siemens | siplus_logo!_24rce | < * | * |
| siemens | siplus_logo!_24rceo | < * | * |
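CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.9 | MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C |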
CISA ICS
Siemens LOGO! 8 BM
cisa_ics·2021-03-09·CVSS 5.5
[MEDIUM] Siemens LOGO! 8 BM
ICS Advisory
## Siemens LOGO! 8 BM
Last Revised: March 09, 2021
Alert Code: ICSA-21-068-05
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 5.5
- ATTENTION: Low skill level to exploit
- Vendor: Siemens
- Equipment: LOGO! 8 BM
- Vulnerability: Improper Handling of Exceptional Conditions
## 2. RISK E
GHSA
GHSA-xv3q-r363-84pg: A vulnerability has been identified in LOGO! 8 BM (incl
ghsa_unreviewed·2022-05-24
CVE-2020-25236 [MEDIUM] CWE-755 GHSA-xv3q-r363-84pg: A vulnerability has been identified in LOGO! 8 BM (incl
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). The control logic (CL) the LOGO! 8 executes could be manipulated in a way that could cause the device executing the CL to improperly handle the manipulation and crash. After successful execution of the attack, the device needs to be manually reset.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.