ID

VAR-202210-0503


CVE

CVE-2022-36362


TITLE

Vulnerabilities in Siemens LOGO! 8 BM firmware and Siemens LOGO!8 BM FS-05 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2022-018833

DESCRIPTION

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA2) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA2) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA2) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA2) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2) (All versions). Affected devices do not conduct certain validations when interacting with them. 
This could allow an unauthenticated remote attacker to manipulate the device's IP address, which means the device would not be reachable and could only be recovered by power cycling the device. Siemens LOGO! 8 BM firmware and Siemens LOGO!8 BM FS-05 firmware contain unspecified vulnerabilities. Affected devices may be put into a denial-of-service (DoS) state.

Trust: 1.62

sources: NVD: CVE-2022-36362 // JVNDB: JVNDB-2022-018833

AFFECTED PRODUCTS

vendor: siemens, model: logo\! 8 bm, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: logo\!8 bm fs-05, scope: eq, version: *

Trust: 1.0

vendor: Siemens, model: siemens logo!8 bm fs-05, scope: -, version: -

Trust: 0.8

vendor: Siemens, model: logo! 8 bm, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-018833 // NVD: CVE-2022-36362

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2022-36362
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2022-36362
value: HIGH

Trust: 1.0

NVD: CVE-2022-36362
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202210-514
value: HIGH

Trust: 0.6

productcert@siemens.com: CVE-2022-36362
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2022-36362
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-018833 // CNNVD: CNNVD-202210-514 // NVD: CVE-2022-36362 // NVD: CVE-2022-36362

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-018833 // NVD: CVE-2022-36362

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-514

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202210-514

PATCH

title: Fix for the Siemens LOGO! 8 BM input validation error vulnerability
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=210595

Trust: 0.6

sources: CNNVD: CNNVD-202210-514

EXTERNAL IDS

db: NVD, id: CVE-2022-36362

Trust: 3.2

db: SIEMENS, id: SSA-955858

Trust: 2.4

db: ICS CERT, id: ICSA-22-286-13

Trust: 1.4

db: JVN, id: JVNVU92214181

Trust: 0.8

db: JVNDB, id: JVNDB-2022-018833

Trust: 0.8

db: CNNVD, id: CNNVD-202210-514

Trust: 0.6

sources: JVNDB: JVNDB-2022-018833 // CNNVD: CNNVD-202210-514 // NVD: CVE-2022-36362

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-955858.pdf

Trust: 2.4

url:https://cert-portal.siemens.com/productcert/html/ssa-955858.html

Trust: 1.0

url:https://jvn.jp/vu/jvnvu92214181/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-36362

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-22-286-13

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-286-13

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-36362/

Trust: 0.6

sources: JVNDB: JVNDB-2022-018833 // CNNVD: CNNVD-202210-514 // NVD: CVE-2022-36362

CREDITS

Cyber Research Group from Raytheon UK reported these vulnerabilities to Siemens.

Trust: 0.6

sources: CNNVD: CNNVD-202210-514

SOURCES

db: JVNDB, id: JVNDB-2022-018833
db: CNNVD, id: CNNVD-202210-514
db: NVD, id: CVE-2022-36362

LAST UPDATE DATE

2024-10-08T22:36:13.546000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2022-018833, date: 2023-10-23T08:12:00
db: CNNVD, id: CNNVD-202210-514, date: 2022-10-14T00:00:00
db: NVD, id: CVE-2022-36362, date: 2024-10-08T09:15:07.417

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2022-018833, date: 2023-10-23T00:00:00
db: CNNVD, id: CNNVD-202210-514, date: 2022-10-11T00:00:00
db: NVD, id: CVE-2022-36362, date: 2022-10-11T11:15:10.103