CVE-2022-36362
published 2022-10-11CVE-2022-36362: A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo…
PriorityP348high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
0.87%
54.1th percentile
A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA2) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA2) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA2) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA2) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2) (All versions). Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to manipulate the devices IP address, which means the device would not be reachable and could only be recover
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | logo!_12_24rce | — | — |
| siemens | logo!_12_24rceo | — | — |
| siemens | logo!_230rce | — | — |
| siemens | logo!_230rceo | — | — |
| siemens | logo!_24ce | — | — |
| siemens | logo!_24ceo | — | — |
| siemens | logo!_24rce | — | — |
| siemens | logo!_24rceo | — | — |
| siemens | siplus_logo!_12_24rce | — | — |
| siemens | siplus_logo!_12_24rceo | — | — |
| siemens | siplus_logo!_230rce | — | — |
| siemens | siplus_logo!_230rceo | — | — |
| siemens | siplus_logo!_24ce | — | — |
| siemens | siplus_logo!_24ceo | — | — |
| siemens | siplus_logo!_24rce | — | — |
| siemens | siplus_logo!_24rceo | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-mgxw-53vp-m2rh: A vulnerability has been identified in LOGO! 8 BM (incl
ghsa_unreviewed·2022-10-11
CVE-2022-36362 [HIGH] CWE-20 GHSA-mgxw-53vp-m2rh: A vulnerability has been identified in LOGO! 8 BM (incl
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to manipulate the devices IP address, which means the device would not be reachable and could only be recovered by power cycling the device.
CISA ICS
Siemens LOGO! 8 BM Devices
cisa_ics·2022-10-13·CVSS 9.8
[CRITICAL] Siemens LOGO! 8 BM Devices
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens LOGO! 8 BM Devices
Last RevisedOctober 13, 2022
Alert CodeICSA-22-286-13
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: LOGO! 8 BM Devices
- Vulnerabilities: Buffer Copy without Checking Size of Input; Improper Input Validation; Improper Validation of Specified Index, Position, or Offset in Input.
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to execute code remotely, put the device into a denial-of-service state, or retrieve parts of the m
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-10-11
Published