ID

VAR-202210-0505


CVE

CVE-2022-36363


TITLE

Siemens' logo! 8 bm firmware and Siemens LOGO!8 BM FS-05 Firmware Input Validation Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-018832

DESCRIPTION

A vulnerability has been identified in LOGO! 12/24RCE (All versions), LOGO! 12/24RCEo (All versions), LOGO! 230RCE (All versions), LOGO! 230RCEo (All versions), LOGO! 24CE (All versions), LOGO! 24CEo (All versions), LOGO! 24RCE (All versions), LOGO! 24RCEo (All versions), SIPLUS LOGO! 12/24RCE (All versions), SIPLUS LOGO! 12/24RCEo (All versions), SIPLUS LOGO! 230RCE (All versions), SIPLUS LOGO! 230RCEo (All versions), SIPLUS LOGO! 24CE (All versions), SIPLUS LOGO! 24CEo (All versions), SIPLUS LOGO! 24RCE (All versions), SIPLUS LOGO! 24RCEo (All versions). Affected devices do not properly validate an offset value which can be defined in TCP packets when calling a method. This could allow an attacker to retrieve parts of the content of the memory. There is an input validation vulnerability in Siemens' logo! 8 bm firmware and Siemens LOGO!8 BM FS-05 firmware. Information may be obtained.

Trust: 1.62

sources: NVD: CVE-2022-36363 // JVNDB: JVNDB-2022-018832

AFFECTED PRODUCTS

vendor: siemens, model: logo\!8 bm fs-05, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: logo\! 8 bm, scope: eq, version: *

Trust: 1.0

vendor: Siemens, model: siemens logo!8 bm fs-05, scope: -, version: -

Trust: 0.8

vendor: Siemens, model: logo! 8 bm, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-018832 // NVD: CVE-2022-36363

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-36363
value: MEDIUM

Trust: 1.8

productcert@siemens.com: CVE-2022-36363
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202210-515
value: MEDIUM

Trust: 0.6

productcert@siemens.com:
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 2.0

NVD: CVE-2022-36363
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-018832 // NVD: CVE-2022-36363 // NVD: CVE-2022-36363 // CNNVD: CNNVD-202210-515

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.0

problemtype: Improper input validation (CWE-20) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-018832 // NVD: CVE-2022-36363

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-515

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202210-515

CONFIGURATIONS

sources: NVD: CVE-2022-36363

PATCH

title: Fix for the Siemens LOGO! 8 BM input validation error vulnerability, url: http://123.124.177.30/web/xxk/bdxqbyid.tag?id=210596

Trust: 0.6

sources: CNNVD: CNNVD-202210-515

EXTERNAL IDS

db: NVD, id: CVE-2022-36363

Trust: 3.2

db: SIEMENS, id: SSA-955858

Trust: 2.4

db: ICS CERT, id: ICSA-22-286-13

Trust: 1.4

db: JVN, id: JVNVU92214181

Trust: 0.8

db: JVNDB, id: JVNDB-2022-018832

Trust: 0.8

db: CNNVD, id: CNNVD-202210-515

Trust: 0.6

sources: JVNDB: JVNDB-2022-018832 // NVD: CVE-2022-36363 // CNNVD: CNNVD-202210-515

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-955858.pdf

Trust: 2.4

url:https://jvn.jp/vu/jvnvu92214181/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-36363

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-22-286-13

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-286-13

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-36363/

Trust: 0.6

sources: JVNDB: JVNDB-2022-018832 // NVD: CVE-2022-36363 // CNNVD: CNNVD-202210-515

CREDITS

Cyber Research Group from Raytheon UK reported these vulnerabilities to Siemens.

Trust: 0.6

sources: CNNVD: CNNVD-202210-515

SOURCES

db: JVNDB, id: JVNDB-2022-018832
db: NVD, id: CVE-2022-36363
db: CNNVD, id: CNNVD-202210-515

LAST UPDATE DATE

2023-12-18T11:37:41.043000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2022-018832, date: 2023-10-23T08:12:00
db: NVD, id: CVE-2022-36363, date: 2023-12-12T12:15:09.740
db: CNNVD, id: CNNVD-202210-515, date: 2022-10-14T00:00:00

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2022-018832, date: 2023-10-23T00:00:00
db: NVD, id: CVE-2022-36363, date: 2022-10-11T11:15:10.163
db: CNNVD, id: CNNVD-202210-515, date: 2022-10-11T00:00:00