ID

VAR-202408-0347


CVE

CVE-2024-39922


TITLE

Siemens LOGO! Password Plaintext Storage Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-35421

DESCRIPTION

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). Affected devices store user passwords in plaintext without proper protection. This could allow a physical attacker to retrieve them from the embedded storage ICs. Siemens LOGO! BM (Base Module) devices are used for basic, small-scale automation tasks. SIPLUS extreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware as the product they are based on.

Trust: 1.44

sources: NVD: CVE-2024-39922 // CNVD: CNVD-2024-35421

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-35421

AFFECTED PRODUCTS

vendor: siemens, model: logo! bm, scope: eq, version: v8.3

Trust: 0.6

vendor: siemens, model: siplus logo! bm, scope: eq, version: v8.3

Trust: 0.6

sources: CNVD: CNVD-2024-35421

CVSS

SEVERITY

productcert@siemens.com: CVE-2024-39922
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2024-35421
value: MEDIUM

Trust: 0.6

CVSSV2

CNVD: CNVD-2024-35421
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

productcert@siemens.com: CVE-2024-39922
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-35421 // NVD: CVE-2024-39922

PROBLEMTYPE DATA

problemtype: CWE-256

Trust: 1.0

sources: NVD: CVE-2024-39922

PATCH

title: Patch for Siemens LOGO! Password Plaintext Storage Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/576976

Trust: 0.6

sources: CNVD: CNVD-2024-35421

EXTERNAL IDS

db: SIEMENS, id: SSA-921449

Trust: 1.6

db: NVD, id: CVE-2024-39922

Trust: 1.6

db: CNVD, id: CNVD-2024-35421

Trust: 0.6

sources: CNVD: CNVD-2024-35421 // NVD: CVE-2024-39922

REFERENCES

url: https://cert-portal.siemens.com/productcert/html/ssa-921449.html

Trust: 1.6

sources: CNVD: CNVD-2024-35421 // NVD: CVE-2024-39922

SOURCES

db: CNVD, id: CNVD-2024-35421
db: NVD, id: CVE-2024-39922

LAST UPDATE DATE

2024-08-24T23:02:03.610000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-35421, date: 2024-08-14T00:00:00
db: NVD, id: CVE-2024-39922, date: 2024-08-13T12:58:25.437

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-35421, date: 2024-08-14T00:00:00
db: NVD, id: CVE-2024-39922, date: 2024-08-13T08:15:11.567