Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-42784

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions >= V8.3), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions >= V8.3), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions >= V8.3), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions >= V8.3), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions >= V8.3), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions >= V8.3), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions >= V8.3), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions >= V8.3), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions >= V8.3). Affected devices are vulnerable to an electromagnetic fault injection. This could allow an attacker to dump and debug the firmware, including the manipulation of memory. Further actions could allow to inject public keys of custom created key pairs which are then signed by the product CA. The generation of a custom certificate allows communication with, and impersonation of, any device of the same version.

Published

2023-12-12T10:15:09.560

Last Modified

2024-11-21T07:25:20.120

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.6 (HIGH)

Weaknesses

Type: Secondary
CWE-1319
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	siemens	6ed1052-1md08-0ba1_firmware	≤ 8.3	Yes
Hardware	siemens	6ed1052-1md08-0ba1	-	No
Operating System	siemens	6ed1052-2md08-0ba1_firmware	≤ 8.3	Yes
Hardware	siemens	6ed1052-2md08-0ba1	-	No
Operating System	siemens	6ed1052-1cc08-0ba1_firmware	≤ 8.3	Yes
Hardware	siemens	6ed1052-1cc08-0ba1	-	No
Operating System	siemens	6ed1052-2cc08-0ba1_firmware	≤ 8.3	Yes
Hardware	siemens	6ed1052-2cc08-0ba1	-	No
Operating System	siemens	6ed1052-1hb08-0ba1_firmware	≤ 8.3	Yes
Hardware	siemens	6ed1052-1hb08-0ba1	-	No
Operating System	siemens	6ed1052-2hb08-0ba1_firmware	≤ 8.3	Yes
Hardware	siemens	6ed1052-2hb08-0ba1	-	No
Operating System	siemens	6ed1052-1fb08-0ba1_firmware	≤ 8.3	Yes
Hardware	siemens	6ed1052-1fb08-0ba1	-	No
Operating System	siemens	6ed1052-2fb08-0ba1_firmware	≤ 8.3	Yes
Hardware	siemens	6ed1052-2fb08-0ba1	-	No
Operating System	siemens	6ag1052-1md08-7ba1_firmware	≤ 8.3	Yes
Hardware	siemens	6ag1052-1md08-7ba1	-	No
Operating System	siemens	6ag1052-2md08-7ba1_firmware	≤ 8.3	Yes
Hardware	siemens	6ag1052-2md08-7ba1	-	No
Operating System	siemens	6ag1052-1cc08-7ba1_firmware	≤ 8.3	Yes
Hardware	siemens	6ag1052-1cc08-7ba1	-	No
Operating System	siemens	6ag1052-2cc08-7ba1_firmware	≤ 8.3	Yes
Hardware	siemens	6ag1052-2cc08-7ba1	-	No
Operating System	siemens	6ag1052-1hb08-7ba1_firmware	≤ 8.3	Yes
Hardware	siemens	6ag1052-1hb08-7ba1	-	No
Operating System	siemens	6ag1052-2hb08-7ba1_firmware	≤ 8.3	Yes
Hardware	siemens	6ag1052-2hb08-7ba1	-	No
Operating System	siemens	6ag1052-1fb08-7ba1_firmware	≤ 8.3	Yes
Hardware	siemens	6ag1052-1fb08-7ba1	-	No
Operating System	siemens	6ag1052-2fb08-7ba1_firmware	≤ 8.3	Yes
Hardware	siemens	6ag1052-2fb08-7ba1	-	No

References

https://cert-portal.siemens.com/productcert/html/ssa-844582.html ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-844582.pdf Vendor Advisory ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-844582.pdf Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)