CVE-2022-36360

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Affected devices load firmware updates without checking the authenticity. Furthermore the integrity of the unencrypted firmware is only verified by a non-cryptographic method. This could allow an attacker to manipulate a firmware update and flash it to the device.

Se ha identificado una vulnerabilidad en LOGO! 8 BM (incluidas las variantes SIPLUS) (todas las versiones anteriores a V8.3). Los dispositivos afectados cargan actualizaciones de firmware sin comprobar su autenticidad. Además, la integridad del firmware sin cifrar sólo es verificada mediante un método no criptográfico. Esto podría permitir a un atacante manipular una actualización de firmware y grabarla en el dispositivo

*Credits: N/A

CVSS Scores

NISTv3.1 7.5

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-07-21 CVE Reserved
2022-10-11 CVE Published
2024-05-03 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-345: Insufficient Verification of Data Authenticity
CWE-354: Improper Validation of Integrity Check Value

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://cert-portal.siemens.com/productcert/pdf/ssa-928782.pdf	2023-07-21

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Siemens Search vendor "Siemens"	Logo\! 8 Bm Firmware Search vendor "Siemens" for product "Logo\! 8 Bm Firmware"	< 8.3 Search vendor "Siemens" for product "Logo\! 8 Bm Firmware" and version " < 8.3"	-	Affected	in	Siemens Search vendor "Siemens"	Logo\!8 Bm Search vendor "Siemens" for product "Logo\!8 Bm"	-	-	Safe
Siemens Search vendor "Siemens"	Logo\!8 Bm Fs-05 Firmware Search vendor "Siemens" for product "Logo\!8 Bm Fs-05 Firmware"	< 8.3 Search vendor "Siemens" for product "Logo\!8 Bm Fs-05 Firmware" and version " < 8.3"	-	Affected	in	Siemens Search vendor "Siemens"	Logo\!8 Bm Fs-05 Search vendor "Siemens" for product "Logo\!8 Bm Fs-05"	-	-	Safe