CVE-2020-25236

Summary

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). The control logic (CL) the LOGO! 8 executes could be manipulated in a way that could cause the device executing the CL to improperly handle the manipulation and crash. After successful execution of the attack, the device needs to be manually reset.

Affected Software

VendorProductVersion RangeStatus
SiemensLOGO! 12/24RCE0 < *affected
SiemensLOGO! 12/24RCEo0 < *affected
SiemensLOGO! 230RCE0 < *affected
SiemensLOGO! 230RCEo0 < *affected
SiemensLOGO! 24CE0 < *affected
SiemensLOGO! 24CEo0 < *affected
SiemensLOGO! 24RCE0 < *affected
SiemensLOGO! 24RCEo0 < *affected
SiemensSIPLUS LOGO! 12/24RCE0 < *affected
SiemensSIPLUS LOGO! 12/24RCEo0 < *affected
SiemensSIPLUS LOGO! 230RCE0 < *affected
SiemensSIPLUS LOGO! 230RCEo0 < *affected
SiemensSIPLUS LOGO! 24CE0 < *affected
SiemensSIPLUS LOGO! 24CEo0 < *affected
SiemensSIPLUS LOGO! 24RCE0 < *affected
SiemensSIPLUS LOGO! 24RCEo0 < *affected

Weaknesses

  • CWE-755: CWE-755: Improper Handling of Exceptional Conditions

ADP Enrichment

CVE Program Container

Additional References

References