ID

VAR-202210-0504


CVE

CVE-2022-36361


TITLE

Siemens'  logo! 8 bm  firmware and  Siemens LOGO!8 BM FS-05  Classic buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2022-018834

DESCRIPTION

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). Affected devices do not properly validate the structure of TCP packets in several methods. This could allow an attacker to cause buffer overflows, get control over the instruction counter and run custom code. Siemens' logo! 8 bm firmware and Siemens LOGO!8 BM FS-05 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2022-36361 // JVNDB: JVNDB-2022-018834

AFFECTED PRODUCTS

vendor:siemensmodel:logo\!8 bm fs-05scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:logo\! 8 bmscope:eqversion:*

Trust: 1.0

vendor:シーメンスmodel:siemens logo!8 bm fs-05scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:logo! 8 bmscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-018834 // NVD: CVE-2022-36361

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2022-36361
value: CRITICAL

Trust: 1.0

nvd@nist.gov: CVE-2022-36361
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-36361
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202210-525
value: CRITICAL

Trust: 0.6

productcert@siemens.com: CVE-2022-36361
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2022-36361
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-018834 // CNNVD: CNNVD-202210-525 // NVD: CVE-2022-36361 // NVD: CVE-2022-36361

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-018834 // NVD: CVE-2022-36361

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-525

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202210-525

PATCH

title:Siemens LOGO! 8 BM Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=210600

Trust: 0.6

sources: CNNVD: CNNVD-202210-525

EXTERNAL IDS

db:NVDid:CVE-2022-36361

Trust: 3.2

db:SIEMENSid:SSA-955858

Trust: 2.4

db:ICS CERTid:ICSA-22-286-13

Trust: 1.4

db:JVNid:JVNVU92214181

Trust: 0.8

db:JVNDBid:JVNDB-2022-018834

Trust: 0.8

db:CNNVDid:CNNVD-202210-525

Trust: 0.6

sources: JVNDB: JVNDB-2022-018834 // CNNVD: CNNVD-202210-525 // NVD: CVE-2022-36361

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-955858.pdf

Trust: 2.4

url:https://cert-portal.siemens.com/productcert/html/ssa-955858.html

Trust: 1.0

url:https://jvn.jp/vu/jvnvu92214181/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-36361

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-22-286-13

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-286-13

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-36361/

Trust: 0.6

sources: JVNDB: JVNDB-2022-018834 // CNNVD: CNNVD-202210-525 // NVD: CVE-2022-36361

CREDITS

Cyber Research Group from Raytheon UK reported these vulnerabilities to Siemens.

Trust: 0.6

sources: CNNVD: CNNVD-202210-525

SOURCES

db:JVNDBid:JVNDB-2022-018834
db:CNNVDid:CNNVD-202210-525
db:NVDid:CVE-2022-36361

LAST UPDATE DATE

2024-09-10T20:28:42.360000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2022-018834date:2023-10-23T08:12:00
db:CNNVDid:CNNVD-202210-525date:2022-10-14T00:00:00
db:NVDid:CVE-2022-36361date:2024-09-10T10:15:03.930

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2022-018834date:2023-10-23T00:00:00
db:CNNVDid:CNNVD-202210-525date:2022-10-11T00:00:00
db:NVDid:CVE-2022-36361date:2022-10-11T11:15:10.037