Sign-up

ID

VAR-202312-0270


CVE

CVE-2022-42784


TITLE

Vulnerabilities in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2022-024738

DESCRIPTION

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions >= V8.3), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions >= V8.3), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions >= V8.3), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions >= V8.3), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions >= V8.3), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions >= V8.3), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions >= V8.3), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions >= V8.3), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions >= V8.3). Affected devices are vulnerable to an electromagnetic fault injection. This could allow an attacker to dump and debug the firmware, including the manipulation of memory. Further actions could allow to inject public keys of custom created key pairs which are then signed by the product CA. The generation of a custom certificate allows communication with, and impersonation of, any device of the same version. 6ed1052-1md08-0ba1 firmware, 6ed1052-2md08-0ba1 firmware, 6ed1052-1cc08-0ba1 Multiple Siemens products such as firmware have unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens LOGO! BM (Base Module) devices are used for basic small automation tasks

Trust: 2.16

sources: NVD: CVE-2022-42784 // JVNDB: JVNDB-2022-024738 // CNVD: CNVD-2023-97272

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-97272

AFFECTED PRODUCTS

vendor:siemensmodel:6ag1052-2cc08-7ba1scope:lteversion:8.3

Trust: 1.0

vendor:siemensmodel:6ag1052-2fb08-7ba1scope:lteversion:8.3

Trust: 1.0

vendor:siemensmodel:6ag1052-1fb08-7ba1scope:lteversion:8.3

Trust: 1.0

vendor:siemensmodel:6ed1052-2fb08-0ba1scope:lteversion:8.3

Trust: 1.0

vendor:siemensmodel:6ed1052-2md08-0ba1scope:lteversion:8.3

Trust: 1.0

vendor:siemensmodel:6ag1052-2hb08-7ba1scope:lteversion:8.3

Trust: 1.0

vendor:siemensmodel:6ag1052-1hb08-7ba1scope:lteversion:8.3

Trust: 1.0

vendor:siemensmodel:6ed1052-2cc08-0ba1scope:lteversion:8.3

Trust: 1.0

vendor:siemensmodel:6ed1052-1md08-0ba1scope:lteversion:8.3

Trust: 1.0

vendor:siemensmodel:6ag1052-2md08-7ba1scope:lteversion:8.3

Trust: 1.0

vendor:siemensmodel:6ed1052-1cc08-0ba1scope:lteversion:8.3

Trust: 1.0

vendor:siemensmodel:6ag1052-1md08-7ba1scope:lteversion:8.3

Trust: 1.0

vendor:siemensmodel:6ed1052-1hb08-0ba1scope:lteversion:8.3

Trust: 1.0

vendor:siemensmodel:6ag1052-1cc08-7ba1scope:lteversion:8.3

Trust: 1.0

vendor:siemensmodel:6ed1052-2hb08-0ba1scope:lteversion:8.3

Trust: 1.0

vendor:siemensmodel:6ed1052-1fb08-0ba1scope:lteversion:8.3

Trust: 1.0

vendor:シーメンスmodel:6ed1052-1fb08-0ba1scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:6ed1052-2md08-0ba1scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:6ag1052-1hb08-7ba1scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:6ag1052-1cc08-7ba1scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:6ag1052-1md08-7ba1scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:6ed1052-2fb08-0ba1scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:6ed1052-1hb08-0ba1scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:6ag1052-2cc08-7ba1scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:6ag1052-2fb08-7ba1scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:6ed1052-1cc08-0ba1scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:6ed1052-2hb08-0ba1scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:6ed1052-2cc08-0ba1scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:6ag1052-2hb08-7ba1scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:6ed1052-1md08-0ba1scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:6ag1052-2md08-7ba1scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:6ag1052-1fb08-7ba1scope: - version: -

Trust: 0.8

vendor:siemensmodel:logo! 12/24rcescope:gteversion:v8.3

Trust: 0.6

vendor:siemensmodel:logo! 12/24rceoscope:gteversion:v8.3

Trust: 0.6

vendor:siemensmodel:logo! 24cescope:gteversion:v8.3

Trust: 0.6

vendor:siemensmodel:logo! 24ceoscope:gteversion:v8.3

Trust: 0.6

vendor:siemensmodel:logo! 24rcescope:gteversion:v8.3

Trust: 0.6

vendor:siemensmodel:logo! 24rceoscope:gteversion:v8.3

Trust: 0.6

vendor:siemensmodel:logo! 230rcescope:gteversion:v8.3

Trust: 0.6

vendor:siemensmodel:logo! 230rceoscope:gteversion:v8.3

Trust: 0.6

vendor:siemensmodel:siplus logo! 12/24rcescope:gteversion:v8.3

Trust: 0.6

vendor:siemensmodel:siplus logo! 12/24rceoscope:gteversion:v8.3

Trust: 0.6

vendor:siemensmodel:siplus logo! 24cescope:gteversion:v8.3

Trust: 0.6

vendor:siemensmodel:siplus logo! 24ceoscope:gteversion:v8.3

Trust: 0.6

vendor:siemensmodel:siplus logo! 24rcescope:gteversion:v8.3

Trust: 0.6

vendor:siemensmodel:siplus logo! 24rceoscope:gteversion:v8.3

Trust: 0.6

vendor:siemensmodel:siplus logo! 230rcescope:gteversion:v8.3

Trust: 0.6

vendor:siemensmodel:siplus logo! 230rceoscope:gteversion:v8.3

Trust: 0.6

sources: CNVD: CNVD-2023-97272 // JVNDB: JVNDB-2022-024738 // NVD: CVE-2022-42784

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-42784
value: MEDIUM

Trust: 1.0

productcert@siemens.com: CVE-2022-42784
value: HIGH

Trust: 1.0

NVD: CVE-2022-42784
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2023-97272
value: HIGH

Trust: 0.6

CNVD: CNVD-2023-97272
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-42784
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

productcert@siemens.com: CVE-2022-42784
baseSeverity: HIGH
baseScore: 7.6
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2022-42784
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2023-97272 // JVNDB: JVNDB-2022-024738 // NVD: CVE-2022-42784 // NVD: CVE-2022-42784

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-1319

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-024738 // NVD: CVE-2022-42784

PATCH

title:Patch for Siemens LOGO! BM (Base Module) equipment has unspecified vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/500386

Trust: 0.6

sources: CNVD: CNVD-2023-97272

EXTERNAL IDS

db:NVDid:CVE-2022-42784

Trust: 3.2

db:SIEMENSid:SSA-844582

Trust: 2.4

db:JVNid:JVNVU98271228

Trust: 0.8

db:ICS CERTid:ICSA-23-348-04

Trust: 0.8

db:JVNDBid:JVNDB-2022-024738

Trust: 0.8

db:CNVDid:CNVD-2023-97272

Trust: 0.6

sources: CNVD: CNVD-2023-97272 // JVNDB: JVNDB-2022-024738 // NVD: CVE-2022-42784

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-844582.pdf

Trust: 1.8

url:https://cert-portal.siemens.com/productcert/html/ssa-844582.html

Trust: 1.6

url:https://jvn.jp/vu/jvnvu98271228/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-42784

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-04

Trust: 0.8

sources: CNVD: CNVD-2023-97272 // JVNDB: JVNDB-2022-024738 // NVD: CVE-2022-42784

SOURCES

db:CNVDid:CNVD-2023-97272
db:JVNDBid:JVNDB-2022-024738
db:NVDid:CVE-2022-42784

LAST UPDATE DATE

2024-09-10T19:46:31.882000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2023-97272date:2023-12-13T00:00:00
db:JVNDBid:JVNDB-2022-024738date:2024-01-15T05:11:00
db:NVDid:CVE-2022-42784date:2024-09-10T10:15:04.440

SOURCES RELEASE DATE

db:CNVDid:CNVD-2023-97272date:2023-12-14T00:00:00
db:JVNDBid:JVNDB-2022-024738date:2024-01-15T00:00:00
db:NVDid:CVE-2022-42784date:2023-12-12T10:15:09.560