cbcvebase.
CVE-2022-36361
published 2022-10-11

CVE-2022-36361: A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE…

PriorityP261critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.90%
55.2th percentile
A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). Affected devices do not properly validate the structure of TCP packets in several methods. This could allow an attacker to cause buffer overflows, get control over the instruction counter and run custom code.

Affected

16 ranges
VendorProductVersion rangeFixed in
siemenslogo!_12_24rce< **
siemenslogo!_12_24rceo< **
siemenslogo!_230rce< **
siemenslogo!_230rceo< **
siemenslogo!_24ce< **
siemenslogo!_24ceo< **
siemenslogo!_24rce< **
siemenslogo!_24rceo< **
siemenssiplus_logo!_12_24rce< **
siemenssiplus_logo!_12_24rceo< **
siemenssiplus_logo!_230rce< **
siemenssiplus_logo!_230rceo< **
siemenssiplus_logo!_24ce< **
siemenssiplus_logo!_24ceo< **
siemenssiplus_logo!_24rce< **
siemenssiplus_logo!_24rceo< **

Detection & IOCsextracted from sources · hover to see the quote

port10005/TCP
port8443/TCP
port135/TCP
  • Monitor for malformed or anomalous TCP packets targeting LOGO! 8 BM devices on ports 10005/TCP (pre-V8.3) and 8443/TCP (V8.3+); exploitation involves improper TCP packet structure validation leading to buffer overflow and instruction counter hijack.
  • Alert on any unauthenticated remote connections to LOGO! 8 BM devices on the identified TCP ports from untrusted IP addresses; the vulnerability requires no authentication and has low attack complexity (CVSS AV:N/AC:L/PR:N/UI:N).
  • ·No public exploits were known at time of advisory publication, but the vulnerability is remotely exploitable with low attack complexity and no authentication required.
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.