Sign-up

ID

VAR-202210-0504


CVE

CVE-2022-36361


TITLE

Siemens'  logo! 8 bm  firmware and  Siemens LOGO!8 BM FS-05  Classic buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2022-018834

DESCRIPTION

A vulnerability has been identified in LOGO! 12/24RCE (All versions), LOGO! 12/24RCEo (All versions), LOGO! 230RCE (All versions), LOGO! 230RCEo (All versions), LOGO! 24CE (All versions), LOGO! 24CEo (All versions), LOGO! 24RCE (All versions), LOGO! 24RCEo (All versions), SIPLUS LOGO! 12/24RCE (All versions), SIPLUS LOGO! 12/24RCEo (All versions), SIPLUS LOGO! 230RCE (All versions), SIPLUS LOGO! 230RCEo (All versions), SIPLUS LOGO! 24CE (All versions), SIPLUS LOGO! 24CEo (All versions), SIPLUS LOGO! 24RCE (All versions), SIPLUS LOGO! 24RCEo (All versions). Affected devices do not properly validate the structure of TCP packets in several methods. This could allow an attacker to cause buffer overflows, get control over the instruction counter and run custom code. Siemens' logo! 8 bm firmware and Siemens LOGO!8 BM FS-05 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2022-36361 // JVNDB: JVNDB-2022-018834

AFFECTED PRODUCTS

vendor:siemensmodel:logo\!8 bm fs-05scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:logo\! 8 bmscope:eqversion:*

Trust: 1.0

vendor:シーメンスmodel:siemens logo!8 bm fs-05scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:logo! 8 bmscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-018834 // NVD: CVE-2022-36361

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-36361
value: CRITICAL

Trust: 1.8

productcert@siemens.com: CVE-2022-36361
value: CRITICAL

Trust: 1.0

CNNVD: CNNVD-202210-525
value: CRITICAL

Trust: 0.6

productcert@siemens.com:
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2022-36361
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-018834 // NVD: CVE-2022-36361 // NVD: CVE-2022-36361 // CNNVD: CNNVD-202210-525

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-018834 // NVD: CVE-2022-36361

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-525

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202210-525

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2022-36361

PATCH
title:Siemens LOGO! 8 BM Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=210600
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202210-525

EXTERNAL IDS
db:NVDid:CVE-2022-36361
Trust: 3.2
db:SIEMENSid:SSA-955858
Trust: 2.4
db:ICS CERTid:ICSA-22-286-13
Trust: 1.4
db:JVNid:JVNVU92214181
Trust: 0.8
db:JVNDBid:JVNDB-2022-018834
Trust: 0.8
db:CNNVDid:CNNVD-202210-525
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2022-018834 // 
            
            
            
            NVD: CVE-2022-36361 // 
            
            
            
            CNNVD: CNNVD-202210-525

REFERENCES
url:https://cert-portal.siemens.com/productcert/pdf/ssa-955858.pdf
Trust: 2.4
url:https://jvn.jp/vu/jvnvu92214181/
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2022-36361
Trust: 0.8
url:https://www.cisa.gov/news-events/ics-advisories/icsa-22-286-13
Trust: 0.8
url:https://us-cert.cisa.gov/ics/advisories/icsa-22-286-13
Trust: 0.6
url:https://cxsecurity.com/cveshow/cve-2022-36361/
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2022-018834 // 
            
            
            
            NVD: CVE-2022-36361 // 
            
            
            
            CNNVD: CNNVD-202210-525

CREDITS
Cyber Research Group from Raytheon UK reported these vulnerabilities to Siemens.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202210-525

SOURCES
db:JVNDBid:JVNDB-2022-018834
db:NVDid:CVE-2022-36361
db:CNNVDid:CNNVD-202210-525

LAST UPDATE DATE
2023-12-18T11:04:09.896000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2022-018834date:2023-10-23T08:12:00
db:NVDid:CVE-2022-36361date:2023-12-12T12:15:09.510
db:CNNVDid:CNNVD-202210-525date:2022-10-14T00:00:00

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2022-018834date:2023-10-23T00:00:00
db:NVDid:CVE-2022-36361date:2022-10-11T11:15:10.037
db:CNNVDid:CNNVD-202210-525date:2022-10-11T00:00:00