CVE-2022-36363 : A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). Affected devices do not properly validate an offset value which can be defined in TCP packets when calling a method. This could allow an attacker to retrieve parts of the content of the memory.

Published 2022-10-11 11:15:10

Updated 2024-09-10 10:15:04

Source Siemens AG

View at NVD, CVE.org

Products affected by CVE-2022-36363

Siemens » Logo!8 Bm Fs-05 Firmware
cpe:2.3:o:siemens:logo\!8_bm_fs-05_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Logo!8 Bm Fs-05 » Version: N/A
Siemens » Logo! 8 Bm Firmware
cpe:2.3:o:siemens:logo\!_8_bm_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Logo!8 Bm » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2022-36363

EPSS FAQ

0.22%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 43 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-36363

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	3.9	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None
5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	3.9	1.4	Siemens AG
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE ids for CVE-2022-36363

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)
CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input

The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties.

Assigned by: productcert@siemens.com (Secondary)

References for CVE-2022-36363

https://cert-portal.siemens.com/productcert/html/ssa-955858.html

SSA-955858

CVEs referencing this url
https://cert-portal.siemens.com/productcert/pdf/ssa-955858.pdf

Patch;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2022-36363

Products affected by CVE-2022-36363

Exploit prediction scoring system (EPSS) score for CVE-2022-36363

CVSS scores for CVE-2022-36363

CWE ids for CVE-2022-36363

References for CVE-2022-36363