CVE-2025-40816

Summary

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA2) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA2) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA2) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA2) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2) (All versions). Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to manipulate the devices IP address, which means the device would not be reachable.

Affected Software

VendorProductVersion RangeStatus
SiemensLOGO! 12/24RCE0 < *affected
SiemensLOGO! 12/24RCEo0 < *affected
SiemensLOGO! 230RCE0 < *affected
SiemensLOGO! 230RCEo0 < *affected
SiemensLOGO! 24CE0 < *affected
SiemensLOGO! 24CEo0 < *affected
SiemensLOGO! 24RCE0 < *affected
SiemensLOGO! 24RCEo0 < *affected
SiemensSIPLUS LOGO! 12/24RCE0 < *affected
SiemensSIPLUS LOGO! 12/24RCEo0 < *affected
SiemensSIPLUS LOGO! 230RCE0 < *affected
SiemensSIPLUS LOGO! 230RCEo0 < *affected
SiemensSIPLUS LOGO! 24CE0 < *affected
SiemensSIPLUS LOGO! 24CEo0 < *affected
SiemensSIPLUS LOGO! 24RCE0 < *affected
SiemensSIPLUS LOGO! 24RCEo0 < *affected

Weaknesses

  • CWE-306: CWE-306: Missing Authentication for Critical Function

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References