// For flags

CVE-2024-39922

 

Severity Score

5.1
*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). Affected devices store user passwords in plaintext without proper protection. This could allow a physical attacker to retrieve them from the embedded storage ICs.

*Credits: N/A
CVSS Scores
Attack Vector
Physical
Attack Complexity
Low
Attack Requirements
None
Privileges Required
None
User Interaction
None
System
Vulnerable | Subsequent
Confidentiality
High
None
Integrity
None
None
Availability
None
None
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-07-03 CVE Reserved
  • 2024-08-13 CVE Published
  • 2024-08-13 EPSS Updated
  • 2024-08-14 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-256: Plaintext Storage of a Password
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Siemens
Search vendor "Siemens"
LOGO! 12/24RCE
Search vendor "Siemens" for product "LOGO! 12/24RCE"
0
Search vendor "Siemens" for product "LOGO! 12/24RCE" and version "0"
en
Affected
Siemens
Search vendor "Siemens"
LOGO! 12/24RCEo
Search vendor "Siemens" for product "LOGO! 12/24RCEo"
0
Search vendor "Siemens" for product "LOGO! 12/24RCEo" and version "0"
en
Affected
Siemens
Search vendor "Siemens"
LOGO! 230RCE
Search vendor "Siemens" for product "LOGO! 230RCE"
0
Search vendor "Siemens" for product "LOGO! 230RCE" and version "0"
en
Affected
Siemens
Search vendor "Siemens"
LOGO! 230RCEo
Search vendor "Siemens" for product "LOGO! 230RCEo"
0
Search vendor "Siemens" for product "LOGO! 230RCEo" and version "0"
en
Affected
Siemens
Search vendor "Siemens"
LOGO! 24CE
Search vendor "Siemens" for product "LOGO! 24CE"
0
Search vendor "Siemens" for product "LOGO! 24CE" and version "0"
en
Affected
Siemens
Search vendor "Siemens"
LOGO! 24CEo
Search vendor "Siemens" for product "LOGO! 24CEo"
0
Search vendor "Siemens" for product "LOGO! 24CEo" and version "0"
en
Affected
Siemens
Search vendor "Siemens"
LOGO! 24RCE
Search vendor "Siemens" for product "LOGO! 24RCE"
0
Search vendor "Siemens" for product "LOGO! 24RCE" and version "0"
en
Affected
Siemens
Search vendor "Siemens"
LOGO! 24RCEo
Search vendor "Siemens" for product "LOGO! 24RCEo"
0
Search vendor "Siemens" for product "LOGO! 24RCEo" and version "0"
en
Affected
Siemens
Search vendor "Siemens"
SIPLUS LOGO! 12/24RCE
Search vendor "Siemens" for product "SIPLUS LOGO! 12/24RCE"
0
Search vendor "Siemens" for product "SIPLUS LOGO! 12/24RCE" and version "0"
en
Affected
Siemens
Search vendor "Siemens"
SIPLUS LOGO! 12/24RCEo
Search vendor "Siemens" for product "SIPLUS LOGO! 12/24RCEo"
0
Search vendor "Siemens" for product "SIPLUS LOGO! 12/24RCEo" and version "0"
en
Affected
Siemens
Search vendor "Siemens"
SIPLUS LOGO! 230RCE
Search vendor "Siemens" for product "SIPLUS LOGO! 230RCE"
0
Search vendor "Siemens" for product "SIPLUS LOGO! 230RCE" and version "0"
en
Affected
Siemens
Search vendor "Siemens"
SIPLUS LOGO! 230RCEo
Search vendor "Siemens" for product "SIPLUS LOGO! 230RCEo"
0
Search vendor "Siemens" for product "SIPLUS LOGO! 230RCEo" and version "0"
en
Affected
Siemens
Search vendor "Siemens"
SIPLUS LOGO! 24CE
Search vendor "Siemens" for product "SIPLUS LOGO! 24CE"
0
Search vendor "Siemens" for product "SIPLUS LOGO! 24CE" and version "0"
en
Affected
Siemens
Search vendor "Siemens"
SIPLUS LOGO! 24CEo
Search vendor "Siemens" for product "SIPLUS LOGO! 24CEo"
0
Search vendor "Siemens" for product "SIPLUS LOGO! 24CEo" and version "0"
en
Affected
Siemens
Search vendor "Siemens"
SIPLUS LOGO! 24RCE
Search vendor "Siemens" for product "SIPLUS LOGO! 24RCE"
0
Search vendor "Siemens" for product "SIPLUS LOGO! 24RCE" and version "0"
en
Affected
Siemens
Search vendor "Siemens"
SIPLUS LOGO! 24RCEo
Search vendor "Siemens" for product "SIPLUS LOGO! 24RCEo"
0
Search vendor "Siemens" for product "SIPLUS LOGO! 24RCEo" and version "0"
en
Affected