← voltar
CVE-2022-36361

CVE-2022-36361

CVSS 9.8 CRITICALEPSS 0.9%CWE-120
A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). Affected devices do not properly validate the structure of TCP packets in several methods. This could allow an attacker to cause buffer overflows, get control over the instruction counter and run custom code.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:T/RC:C
Produtos afetados
Siemens · LOGO! 12/24RCESiemens · LOGO! 12/24RCEoSiemens · LOGO! 230RCESiemens · LOGO! 230RCEoSiemens · LOGO! 24CESiemens · LOGO! 24CEoSiemens · LOGO! 24RCESiemens · LOGO! 24RCEoSiemens · SIPLUS LOGO! 12/24RCESiemens · SIPLUS LOGO! 12/24RCEoSiemens · SIPLUS LOGO! 230RCESiemens · SIPLUS LOGO! 230RCEoSiemens · SIPLUS LOGO! 24CESiemens · SIPLUS LOGO! 24CEoSiemens · SIPLUS LOGO! 24RCESiemens · SIPLUS LOGO! 24RCEo

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://cert-portal.siemens.com/productcert/html/ssa-955858.htmlhttps://cert-portal.siemens.com/productcert/pdf/ssa-955858.pdf