CVE-2020-25236
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:T/RC:C
Summary
A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). The control logic (CL) the LOGO! 8 executes could be manipulated in a way that could cause the device executing the CL to improperly handle the manipulation and crash. After successful execution of the attack, the device needs to be manually reset.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Siemens | LOGO! 12/24RCE | 0 < * | affected |
| Siemens | LOGO! 12/24RCEo | 0 < * | affected |
| Siemens | LOGO! 230RCE | 0 < * | affected |
| Siemens | LOGO! 230RCEo | 0 < * | affected |
| Siemens | LOGO! 24CE | 0 < * | affected |
| Siemens | LOGO! 24CEo | 0 < * | affected |
| Siemens | LOGO! 24RCE | 0 < * | affected |
| Siemens | LOGO! 24RCEo | 0 < * | affected |
| Siemens | SIPLUS LOGO! 12/24RCE | 0 < * | affected |
| Siemens | SIPLUS LOGO! 12/24RCEo | 0 < * | affected |
| Siemens | SIPLUS LOGO! 230RCE | 0 < * | affected |
| Siemens | SIPLUS LOGO! 230RCEo | 0 < * | affected |
| Siemens | SIPLUS LOGO! 24CE | 0 < * | affected |
| Siemens | SIPLUS LOGO! 24CEo | 0 < * | affected |
| Siemens | SIPLUS LOGO! 24RCE | 0 < * | affected |
| Siemens | SIPLUS LOGO! 24RCEo | 0 < * | affected |
Weaknesses
- CWE-755: CWE-755: Improper Handling of Exceptional Conditions
ADP Enrichment
CVE Program Container
Additional References
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-783481.pdf
- https://cert-portal.siemens.com/productcert/html/ssa-783481.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.