CVE-2022-36360

Summary

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Affected devices load firmware updates without checking the authenticity. Furthermore the integrity of the unencrypted firmware is only verified by a non-cryptographic method. This could allow an attacker to manipulate a firmware update and flash it to the device.

Affected Software

VendorProductVersion RangeStatus
SiemensLOGO! 8 BM (incl. SIPLUS variants)All versions < V8.3affected

Weaknesses

  • CWE-345: CWE-345: Insufficient Verification of Data Authenticity

ADP Enrichment

CVE Program Container

Additional References

References