Sign-up

ID

VAR-202210-0503


CVE

CVE-2022-36362


TITLE

Siemens'  logo! 8 bm  firmware and  Siemens LOGO!8 BM FS-05  Firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2022-018833

DESCRIPTION

A vulnerability has been identified in LOGO! 12/24RCE (All versions), LOGO! 12/24RCE (All versions), LOGO! 12/24RCEo (All versions), LOGO! 12/24RCEo (All versions), LOGO! 230RCE (All versions), LOGO! 230RCE (All versions), LOGO! 230RCEo (All versions), LOGO! 230RCEo (All versions), LOGO! 24CE (All versions), LOGO! 24CE (All versions), LOGO! 24CEo (All versions), LOGO! 24CEo (All versions), LOGO! 24RCE (All versions), LOGO! 24RCE (All versions), LOGO! 24RCEo (All versions), LOGO! 24RCEo (All versions), SIPLUS LOGO! 12/24RCE (All versions), SIPLUS LOGO! 12/24RCE (All versions), SIPLUS LOGO! 12/24RCEo (All versions), SIPLUS LOGO! 12/24RCEo (All versions), SIPLUS LOGO! 230RCE (All versions), SIPLUS LOGO! 230RCE (All versions), SIPLUS LOGO! 230RCEo (All versions), SIPLUS LOGO! 230RCEo (All versions), SIPLUS LOGO! 24CE (All versions), SIPLUS LOGO! 24CE (All versions), SIPLUS LOGO! 24CEo (All versions), SIPLUS LOGO! 24CEo (All versions), SIPLUS LOGO! 24RCE (All versions), SIPLUS LOGO! 24RCE (All versions), SIPLUS LOGO! 24RCEo (All versions), SIPLUS LOGO! 24RCEo (All versions). Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to manipulate the devices IP address, which means the device would not be reachable and could only be recovered by power cycling the device. Siemens' logo! 8 bm firmware and Siemens LOGO!8 BM FS-05 There are unspecified vulnerabilities in the firmware.Service operation interruption (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2022-36362 // JVNDB: JVNDB-2022-018833

AFFECTED PRODUCTS

vendor:siemensmodel:logo\!8 bm fs-05scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:logo\! 8 bmscope:eqversion:*

Trust: 1.0

vendor:シーメンスmodel:siemens logo!8 bm fs-05scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:logo! 8 bmscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-018833 // NVD: CVE-2022-36362

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-36362
value: HIGH

Trust: 1.8

productcert@siemens.com: CVE-2022-36362
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202210-514
value: HIGH

Trust: 0.6

productcert@siemens.com:
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2022-36362
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-018833 // NVD: CVE-2022-36362 // NVD: CVE-2022-36362 // CNNVD: CNNVD-202210-514

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-018833 // NVD: CVE-2022-36362

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-514

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202210-514

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2022-36362

PATCH
title:Siemens LOGO! 8 BM Enter the fix for the verification error vulnerabilityurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=210595
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202210-514

EXTERNAL IDS
db:NVDid:CVE-2022-36362
Trust: 3.2
db:SIEMENSid:SSA-955858
Trust: 2.4
db:ICS CERTid:ICSA-22-286-13
Trust: 1.4
db:JVNid:JVNVU92214181
Trust: 0.8
db:JVNDBid:JVNDB-2022-018833
Trust: 0.8
db:CNNVDid:CNNVD-202210-514
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2022-018833 // 
            
            
            
            NVD: CVE-2022-36362 // 
            
            
            
            CNNVD: CNNVD-202210-514

REFERENCES
url:https://cert-portal.siemens.com/productcert/pdf/ssa-955858.pdf
Trust: 2.4
url:https://jvn.jp/vu/jvnvu92214181/
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2022-36362
Trust: 0.8
url:https://www.cisa.gov/news-events/ics-advisories/icsa-22-286-13
Trust: 0.8
url:https://us-cert.cisa.gov/ics/advisories/icsa-22-286-13
Trust: 0.6
url:https://cxsecurity.com/cveshow/cve-2022-36362/
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2022-018833 // 
            
            
            
            NVD: CVE-2022-36362 // 
            
            
            
            CNNVD: CNNVD-202210-514

CREDITS
Cyber Research Group from Raytheon UK reported these vulnerabilities to Siemens.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202210-514

SOURCES
db:JVNDBid:JVNDB-2022-018833
db:NVDid:CVE-2022-36362
db:CNNVDid:CNNVD-202210-514

LAST UPDATE DATE
2023-12-18T11:24:13.831000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2022-018833date:2023-10-23T08:12:00
db:NVDid:CVE-2022-36362date:2023-12-12T12:15:09.630
db:CNNVDid:CNNVD-202210-514date:2022-10-14T00:00:00

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2022-018833date:2023-10-23T00:00:00
db:NVDid:CVE-2022-36362date:2022-10-11T11:15:10.103
db:CNNVDid:CNNVD-202210-514date:2022-10-11T00:00:00