CVE-2022-36362

Summary

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA2) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA2) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA2) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA2) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2) (All versions). Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to manipulate the devices IP address, which means the device would not be reachable and could only be recovered by power cycling the device.

Affected Software

VendorProductVersion RangeStatus
SiemensLOGO! 12/24RCEAll versionsaffected
SiemensLOGO! 12/24RCEAll versionsaffected
SiemensLOGO! 12/24RCEoAll versionsaffected
SiemensLOGO! 12/24RCEoAll versionsaffected
SiemensLOGO! 230RCEAll versionsaffected
SiemensLOGO! 230RCEAll versionsaffected
SiemensLOGO! 230RCEoAll versionsaffected
SiemensLOGO! 230RCEoAll versionsaffected
SiemensLOGO! 24CEAll versionsaffected
SiemensLOGO! 24CEAll versionsaffected
SiemensLOGO! 24CEoAll versionsaffected
SiemensLOGO! 24CEoAll versionsaffected
SiemensLOGO! 24RCEAll versionsaffected
SiemensLOGO! 24RCEAll versionsaffected
SiemensLOGO! 24RCEoAll versionsaffected
SiemensLOGO! 24RCEoAll versionsaffected
SiemensSIPLUS LOGO! 12/24RCEAll versionsaffected
SiemensSIPLUS LOGO! 12/24RCEAll versionsaffected
SiemensSIPLUS LOGO! 12/24RCEoAll versionsaffected
SiemensSIPLUS LOGO! 12/24RCEoAll versionsaffected
SiemensSIPLUS LOGO! 230RCEAll versionsaffected
SiemensSIPLUS LOGO! 230RCEAll versionsaffected
SiemensSIPLUS LOGO! 230RCEoAll versionsaffected
SiemensSIPLUS LOGO! 230RCEoAll versionsaffected
SiemensSIPLUS LOGO! 24CEAll versionsaffected
SiemensSIPLUS LOGO! 24CEAll versionsaffected
SiemensSIPLUS LOGO! 24CEoAll versionsaffected
SiemensSIPLUS LOGO! 24CEoAll versionsaffected
SiemensSIPLUS LOGO! 24RCEAll versionsaffected
SiemensSIPLUS LOGO! 24RCEAll versionsaffected
SiemensSIPLUS LOGO! 24RCEoAll versionsaffected
SiemensSIPLUS LOGO! 24RCEoAll versionsaffected

Weaknesses

  • CWE-20: CWE-20: Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

References