CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

11 Oct 2022 — A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Affected devices load firmware updates without checking the authenticity. Furthermore the integrity of the unencrypted firmware is only verified by a non-cryptographic method. • https://cert-portal.siemens.com/productcert/pdf/ssa-928782.pdf • CWE-345: Insufficient Verification of Data Authenticity • CWE-354: Improper Validation of Integrity Check Value •

CVSS: 10.0 • EPSS: 0% • CPEs: 4 • EXPL: 0

11 Oct 2022 — A vulnerability has been identified in LOGO! 12/24RCE (All versions), LOGO! 12/24RCEo (All versions), LOGO! 230RCE (All versions), LOGO! 230RCEo (All versions), LOGO! • https://cert-portal.siemens.com/productcert/pdf/ssa-955858.pdf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

11 Oct 2022 — A vulnerability has been identified in LOGO! 12/24RCE (All versions), LOGO! 12/24RCE (All versions), LOGO! 12/24RCEo (All versions), LOGO! 12/24RCEo (All versions), LOGO! • https://cert-portal.siemens.com/productcert/pdf/ssa-955858.pdf • CWE-20: Improper Input Validation •

CVSS: 5.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

11 Oct 2022 — A vulnerability has been identified in LOGO! 12/24RCE (All versions), LOGO! 12/24RCEo (All versions), LOGO! 230RCE (All versions), LOGO! 230RCEo (All versions), LOGO! • https://cert-portal.siemens.com/productcert/pdf/ssa-955858.pdf • CWE-20: Improper Input Validation • CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input •

CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

15 Mar 2021 — A vulnerability has been identified in LOGO! 12/24RCE (All versions), LOGO! 12/24RCEo (All versions), LOGO! 230RCE (All versions), LOGO! 230RCEo (All versions), LOGO! • https://cert-portal.siemens.com/productcert/pdf/ssa-783481.pdf • CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

14 Dec 2020 — A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Due to the usage of an insecure random number generation function and a deprecated cryptographic function, an attacker could extract the key that is used when communicating with an affected device on port 8080/tcp. • https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

14 Dec 2020 — A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The firmware update of affected devices contains the private RSA key that is used as a basis for encryption of communication with the device. • https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf • CWE-321: Use of Hard-coded Cryptographic Key •

CVSS: 7.7 • EPSS: 0% • CPEs: 2 • EXPL: 0

14 Dec 2020 — A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The LOGO! • https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf • CWE-321: Use of Hard-coded Cryptographic Key •

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

14 Dec 2020 — A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The password used for authentication for the LOGO! Website and the LOGO! • https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf • CWE-522: Insufficiently Protected Credentials •

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

14 Dec 2020 — A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). A service available on port 10005/tcp of the affected devices could allow complete access to all services without authorization. An attacker could gain full control over an affected device, if he has access to this service. • https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf • CWE-306: Missing Authentication for Critical Function •