CVE-2022-36362

Description

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA2) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA2) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA2) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA2) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2) (All versions). Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to manipulate the devices IP address, which means the device would not be reachable and could only be recovered by power cycling the device.

References

Link	Tags
https://cert-portal.siemens.com/productcert/pdf/ssa-955858.pdf	patch vendor advisory
https://cert-portal.siemens.com/productcert/html/ssa-955858.html

Frequently Asked Questions

What is the severity of CVE-2022-36362?: CVE-2022-36362 has been scored as a high severity vulnerability.
How to fix CVE-2022-36362?: To fix CVE-2022-36362, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-36362 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2022-36362 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-36362?: CVE-2022-36362 affects Siemens LOGO! 12/24RCE, Siemens LOGO! 12/24RCE, Siemens LOGO! 12/24RCEo, Siemens LOGO! 12/24RCEo, Siemens LOGO! 230RCE, Siemens LOGO! 230RCE, Siemens LOGO! 230RCEo, Siemens LOGO! 230RCEo, Siemens LOGO! 24CE, Siemens LOGO! 24CE, Siemens LOGO! 24CEo, Siemens LOGO! 24CEo, Siemens LOGO! 24RCE, Siemens LOGO! 24RCE, Siemens LOGO! 24RCEo, Siemens LOGO! 24RCEo, Siemens SIPLUS LOGO! 12/24RCE, Siemens SIPLUS LOGO! 12/24RCE, Siemens SIPLUS LOGO! 12/24RCEo, Siemens SIPLUS LOGO! 12/24RCEo, Siemens SIPLUS LOGO! 230RCE, Siemens SIPLUS LOGO! 230RCE, Siemens SIPLUS LOGO! 230RCEo, Siemens SIPLUS LOGO! 230RCEo, Siemens SIPLUS LOGO! 24CE, Siemens SIPLUS LOGO! 24CE, Siemens SIPLUS LOGO! 24CEo, Siemens SIPLUS LOGO! 24CEo, Siemens SIPLUS LOGO! 24RCE, Siemens SIPLUS LOGO! 24RCE, Siemens SIPLUS LOGO! 24RCEo, Siemens SIPLUS LOGO! 24RCEo.

Description

Category

CWE-20 – Improper Input Validation

References

Frequently Asked Questions