PT-2022-23329 · Siemens · Logo! 8 Bm

Published: 2022-10-11 · Updated: 2023-07-21 · CVE-2022-36360

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

LOGO! 8 BM (incl. SIPLUS variants) versions prior to V8.3

Description

A vulnerability has been identified where affected devices load firmware updates without checking the authenticity. The integrity of the unencrypted firmware is only verified by a non-cryptographic method, which could allow an attacker to manipulate a firmware update and flash it to the device.

Recommendations

For versions prior to V8.3, update to version V8.3 or later to resolve the issue. As a temporary workaround, consider restricting access to firmware updates until a patch is applied. Avoid loading firmware updates from untrusted sources to minimize the risk of exploitation.

Fix

Insufficient Verification of Data Authenticity

Weakness Enumeration

Related Identifiers

CVE-2022-36360

Affected Products

Logo! 8 Bm