HIGH🇬🇧 English

CVE-2022-42784

CVSS 7.6v3.1pub. 2023-12-12upd. 2024-11-21

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions >= V8.3), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions >= V8.3), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions >= V8.3), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions >= V8.3), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions >= V8.3), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions >= V8.3), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions >= V8.3), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions >= V8.3), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions >= V8.3). Affected devices are vulnerable to an electromagnetic fault injection. This could allow an attacker to dump and debug the firmware, including the manipulation of memory. Further actions could allow to inject public keys of custom created key pairs which are then signed by the product CA. The generation of a custom certificate allows communication with, and impersonation of, any device of the same version.

oryginał EN
CVSS Vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Siemens 6ag1052 1cc08 7ba1

    HW
    Siemens
    wszystkie wersje
  • Siemens 6ag1052 1cc08 7ba1 Firmware

    OS
    Siemens
    ≤ 8.3
  • Siemens 6ag1052 1fb08 7ba1

    HW
    Siemens
    wszystkie wersje
  • Siemens 6ag1052 1fb08 7ba1 Firmware

    OS
    Siemens
    ≤ 8.3
  • Siemens 6ag1052 1hb08 7ba1

    HW
    Siemens
    wszystkie wersje
  • Siemens 6ag1052 1hb08 7ba1 Firmware

    OS
    Siemens
    ≤ 8.3
  • Siemens 6ag1052 1md08 7ba1

    HW
    Siemens
    wszystkie wersje
  • Siemens 6ag1052 1md08 7ba1 Firmware

    OS
    Siemens
    ≤ 8.3
  • Siemens 6ag1052 2cc08 7ba1

    HW
    Siemens
    wszystkie wersje
  • Siemens 6ag1052 2cc08 7ba1 Firmware

    OS
    Siemens
    ≤ 8.3
  • Siemens 6ag1052 2fb08 7ba1

    HW
    Siemens
    wszystkie wersje
  • Siemens 6ag1052 2fb08 7ba1 Firmware

    OS
    Siemens
    ≤ 8.3
  • Siemens 6ag1052 2hb08 7ba1

    HW
    Siemens
    wszystkie wersje
  • Siemens 6ag1052 2hb08 7ba1 Firmware

    OS
    Siemens
    ≤ 8.3
  • Siemens 6ag1052 2md08 7ba1

    HW
    Siemens
    wszystkie wersje
  • Siemens 6ag1052 2md08 7ba1 Firmware

    OS
    Siemens
    ≤ 8.3
  • Siemens 6ed1052 1cc08 0ba1

    HW
    Siemens
    wszystkie wersje
  • Siemens 6ed1052 1cc08 0ba1 Firmware

    OS
    Siemens
    ≤ 8.3
  • Siemens 6ed1052 1fb08 0ba1

    HW
    Siemens
    wszystkie wersje
  • Siemens 6ed1052 1fb08 0ba1 Firmware

    OS
    Siemens
    ≤ 8.3
  • Siemens 6ed1052 1hb08 0ba1

    HW
    Siemens
    wszystkie wersje
  • Siemens 6ed1052 1hb08 0ba1 Firmware

    OS
    Siemens
    ≤ 8.3
  • Siemens 6ed1052 1md08 0ba1

    HW
    Siemens
    wszystkie wersje
  • Siemens 6ed1052 1md08 0ba1 Firmware

    OS
    Siemens
    ≤ 8.3
  • Siemens 6ed1052 2cc08 0ba1

    HW
    Siemens
    wszystkie wersje
  • Siemens 6ed1052 2cc08 0ba1 Firmware

    OS
    Siemens
    ≤ 8.3
  • Siemens 6ed1052 2fb08 0ba1

    HW
    Siemens
    wszystkie wersje
  • Siemens 6ed1052 2fb08 0ba1 Firmware

    OS
    Siemens
    ≤ 8.3
  • Siemens 6ed1052 2hb08 0ba1

    HW
    Siemens
    wszystkie wersje
  • Siemens 6ed1052 2hb08 0ba1 Firmware

    OS
    Siemens
    ≤ 8.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2026-0300CRITICAL9.3⚠ KEVPL ✓ten sam vendor

Buffer overflow RCE z uprawnieniami root w PAN-OS Captive Portal

CVE-2026-24858CRITICAL9.8⚠ KEVPL ✓ten sam vendor

Fortinet – Auth Bypass przez FortiCloud SSO w wielu produktach

CVE-2025-59718CRITICAL9.8⚠ KEVPL ✓ten sam vendor

Fortinet FortiOS/FortiProxy/FortiSwitchManager — Auth Bypass przez SAML

CVE-2022-22965CRITICAL9.8⚠ KEVten sam vendor

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...

CVE-2021-45046CRITICAL9.0⚠ KEVten sam vendor

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-defau...