cbcvebase.
CVE-2022-36360
published 2022-10-11

CVE-2022-36360: A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Affected devices load firmware updates without checking the…

PriorityP344high7.5CVSS 3.1
AVNACLPRNUINSUCNIHAN
EPSS
0.25%
16.3th percentile
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Affected devices load firmware updates without checking the authenticity. Furthermore the integrity of the unencrypted firmware is only verified by a non-cryptographic method. This could allow an attacker to manipulate a firmware update and flash it to the device.

Affected

3 ranges
VendorProductVersion rangeFixed in
siemenslogo!_8_bm
siemenslogo_!8_bm_fs-05_firmware< 8.38.3
siemenslogo_!_8_bm_firmware< 8.38.3
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.