History: Oct 11, 2022 - 12:00 a.m.

CVE-2022-36360

2022-10-11 00:00:00
CWE-345
siemens
www.cve.org
cve-2022-36360
logo! 8 bm
firmware update
authenticity checking
unencrypted firmware
attacker manipulation

AI Score: 7.6
Confidence: High
EPSS: 0.001
Percentile: 31.8%

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Affected devices load firmware updates without checking the authenticity. Furthermore, the integrity of the unencrypted firmware is only verified by a non-cryptographic method. This could allow an attacker to manipulate a firmware update and flash it to the device.

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "LOGO! 8 BM (incl. SIPLUS variants)",
    "versions": [
      {
        "version": "All versions < V8.3",
        "status": "affected"
      }
    ]
  }
]
