CVE-2022-36363 - OpenCVE

A vulnerability has been identified in LOGO! 12/24RCE (All versions), LOGO! 12/24RCEo (All versions), LOGO! 230RCE (All versions), LOGO! 230RCEo (All versions), LOGO! 24CE (All versions), LOGO! 24CEo (All versions), LOGO! 24RCE (All versions), LOGO! 24RCEo (All versions), SIPLUS LOGO! 12/24RCE (All versions), SIPLUS LOGO! 12/24RCEo (All versions), SIPLUS LOGO! 230RCE (All versions), SIPLUS LOGO! 230RCEo (All versions), SIPLUS LOGO! 24CE (All versions), SIPLUS LOGO! 24CEo (All versions), SIPLUS LOGO! 24RCE (All versions), SIPLUS LOGO! 24RCEo (All versions). Affected devices do not properly validate an offset value which can be defined in TCP packets when calling a method. This could allow an attacker to retrieve parts of the content of the memory.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Siemens	Logo\!8 Bm Fs-05 Firmware Logo\!8 Bm Fs-05 Logo\!8 Bm Logo\! 8 Bm Firmware

Configuration 1 [-]

AND

cpe:2.3:o:siemens:logo\!_8_bm_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:logo\!8_bm:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:siemens:logo\!8_bm_fs-05_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:logo\!8_bm_fs-05:-:*:*:*:*:*:*:*

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-955858.pdf	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: siemens

Published: 2022-10-11T00:00:00

Updated: 2023-12-12T11:25:22.650Z

Reserved: 2022-07-21T00:00:00

Link: CVE-2022-36363

JSON object: View

NVD Information

Status : Modified

Published: 2022-10-11T11:15:10.163

Modified: 2023-12-12T12:15:09.740

Link: CVE-2022-36363

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-36363", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "dateUpdated": "2023-12-12T11:25:22.650Z", "dateReserved": "2022-07-21T00:00:00", "datePublished": "2022-10-11T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2023-12-12T11:25:22.650Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in LOGO! 12/24RCE (All versions), LOGO! 12/24RCEo (All versions), LOGO! 230RCE (All versions), LOGO! 230RCEo (All versions), LOGO! 24CE (All versions), LOGO! 24CEo (All versions), LOGO! 24RCE (All versions), LOGO! 24RCEo (All versions), SIPLUS LOGO! 12/24RCE (All versions), SIPLUS LOGO! 12/24RCEo (All versions), SIPLUS LOGO! 230RCE (All versions), SIPLUS LOGO! 230RCEo (All versions), SIPLUS LOGO! 24CE (All versions), SIPLUS LOGO! 24CEo (All versions), SIPLUS LOGO! 24RCE (All versions), SIPLUS LOGO! 24RCEo (All versions). Affected devices do not properly validate an offset value which can be defined in TCP packets when calling a method. This could allow an attacker to retrieve parts of the content of the memory."}], "affected": [{"vendor": "Siemens", "product": "LOGO! 12/24RCE", "versions": [{"version": "All versions", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "LOGO! 12/24RCEo", "versions": [{"version": "All versions", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "LOGO! 230RCE", "versions": [{"version": "All versions", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "LOGO! 230RCEo", "versions": [{"version": "All versions", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "LOGO! 24CE", "versions": [{"version": "All versions", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "LOGO! 24CEo", "versions": [{"version": "All versions", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "LOGO! 24RCE", "versions": [{"version": "All versions", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "LOGO! 24RCEo", "versions": [{"version": "All versions", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIPLUS LOGO! 12/24RCE", "versions": [{"version": "All versions", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIPLUS LOGO! 12/24RCEo", "versions": [{"version": "All versions", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIPLUS LOGO! 230RCE", "versions": [{"version": "All versions", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIPLUS LOGO! 230RCEo", "versions": [{"version": "All versions", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIPLUS LOGO! 24CE", "versions": [{"version": "All versions", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIPLUS LOGO! 24CEo", "versions": [{"version": "All versions", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIPLUS LOGO! 24RCE", "versions": [{"version": "All versions", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIPLUS LOGO! 24RCEo", "versions": [{"version": "All versions", "status": "affected"}], "defaultStatus": "unknown"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:T/RC:C", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-1285", "description": "CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input", "type": "CWE"}]}], "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-955858.pdf"}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:logo\\!_8_bm_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "30D1F67A-91A8-4820-BF8B-0A708CDA057B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:logo\\!8_bm:-:*:*:*:*:*:*:*", "matchCriteriaId": "2DEFAEB6-4E18-418B-AA85-1BD5F1752396", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:logo\\!8_bm_fs-05_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "901D7BFD-6AD3-4764-B437-AFF5D63D9FA3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:logo\\!8_bm_fs-05:-:*:*:*:*:*:*:*", "matchCriteriaId": "641F5F08-8D9F-425C-9735-DC174431EEA3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in LOGO! 12/24RCE (All versions), LOGO! 12/24RCEo (All versions), LOGO! 230RCE (All versions), LOGO! 230RCEo (All versions), LOGO! 24CE (All versions), LOGO! 24CEo (All versions), LOGO! 24RCE (All versions), LOGO! 24RCEo (All versions), SIPLUS LOGO! 12/24RCE (All versions), SIPLUS LOGO! 12/24RCEo (All versions), SIPLUS LOGO! 230RCE (All versions), SIPLUS LOGO! 230RCEo (All versions), SIPLUS LOGO! 24CE (All versions), SIPLUS LOGO! 24CEo (All versions), SIPLUS LOGO! 24RCE (All versions), SIPLUS LOGO! 24RCEo (All versions). Affected devices do not properly validate an offset value which can be defined in TCP packets when calling a method. This could allow an attacker to retrieve parts of the content of the memory."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en LOGO! 8 BM (incluidas las variantes SIPLUS) (todas las versiones). Los dispositivos afectados no comprueban apropiadamente un valor de desplazamiento que puede ser definido en paquetes TCP cuando es llamado a un m\u00e9todo. Esto podr\u00eda permitir a un atacante recuperar partes del contenido de la memoria"}], "id": "CVE-2022-36363", "lastModified": "2023-12-12T12:15:09.740", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "productcert@siemens.com", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Secondary"}]}, "published": "2022-10-11T11:15:10.163", "references": [{"source": "productcert@siemens.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-955858.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-1285"}], "source": "productcert@siemens.com", "type": "Secondary"}]}