PT-2022-7651 · Siemens · Siplus Logo! 24Ce+7
Published: 2022-10-11 · Updated: 2024-10-08 · CVE-2022-36362
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
LOGO! 12/24RCE versions 6ED1052-1MD08-0BA1 through 6ED1052-1MD08-0BA2
LOGO! 12/24RCEo versions 6ED1052-2MD08-0BA1 through 6ED1052-2MD08-0BA2
LOGO! 230RCE versions 6ED1052-1FB08-0BA1 through 6ED1052-1FB08-0BA2
LOGO! 230RCEo versions 6ED1052-2FB08-0BA1 through 6ED1052-2FB08-0BA2
LOGO! 24CE versions 6ED1052-1CC08-0BA1 through 6ED1052-1CC08-0BA2
LOGO! 24CEo versions 6ED1052-2CC08-0BA1 through 6ED1052-2CC08-0BA2
LOGO! 24RCE versions 6ED1052-1HB08-0BA1 through 6ED1052-1HB08-0BA2
LOGO! 24RCEo versions 6ED1052-2HB08-0BA1 through 6ED1052-2HB08-0BA2
SIPLUS LOGO! 12/24RCE versions 6AG1052-1MD08-7BA1 through 6AG1052-1MD08-7BA2
SIPLUS LOGO! 12/24RCEo versions 6AG1052-2MD08-7BA1 through 6AG1052-2MD08-7BA2
SIPLUS LOGO! 230RCE versions 6AG1052-1FB08-7BA1 through 6AG1052-1FB08-7BA2
SIPLUS LOGO! 230RCEo versions 6AG1052-2FB08-7BA1 through 6AG1052-2FB08-7BA2
SIPLUS LOGO! 24CE versions 6AG1052-1CC08-7BA1 through 6AG1052-1CC08-7BA2
SIPLUS LOGO! 24CEo versions 6AG1052-2CC08-7BA1 through 6AG1052-2CC08-7BA2
SIPLUS LOGO! 24RCE versions 6AG1052-1HB08-7BA1 through 6AG1052-1HB08-7BA2
SIPLUS LOGO! 24RCEo versions 6AG1052-2HB08-7BA1 through 6AG1052-2HB08-7BA2
LOGO! 8 BM (incl. SIPLUS variants): all versions
Description
The vulnerability stems from insufficient input validation in the software of Siemens LOGO!8 BM and SIPLUS LOGO! programmable logic controllers. An unauthenticated remote attacker could manipulate the device's IP address, making the device unreachable; it can then be recovered only by power cycling.
Recommendations
As a temporary workaround, consider restricting access to the affected devices until a patch is available.
For LOGO! 12/24RCE versions 6ED1052-1MD08-0BA1 through 6ED1052-1MD08-0BA2, update to a version that includes the fix for this issue.
For LOGO! 12/24RCEo versions 6ED1052-2MD08-0BA1 through 6ED1052-2MD08-0BA2, update to a version that includes the fix for this issue.
For LOGO! 230RCE versions 6ED1052-1FB08-0BA1 through 6ED1052-1FB08-0BA2, update to a version that includes the fix for this issue.
For LOGO! 230RCEo versions 6ED1052-2FB08-0BA1 through 6ED1052-2FB08-0BA2, update to a version that includes the fix for this issue.
For LOGO! 24CE versions 6ED1052-1CC08-0BA1 through 6ED1052-1CC08-0BA2, update to a version that includes the fix for this issue.
For LOGO! 24CEo versions 6ED1052-2CC08-0BA1 through 6ED1052-2CC08-0BA2, update to a version that includes the fix for this issue.
For LOGO! 24RCE versions 6ED1052-1HB08-0BA1 through 6ED1052-1HB08-0BA2, update to a version that includes the fix for this issue.
For LOGO! 24RCEo versions 6ED1052-2HB08-0BA1 through 6ED1052-2HB08-0BA2, update to a version that includes the fix for this issue.
For SIPLUS LOGO! 12/24RCE versions 6AG1052-1MD08-7BA1 through 6AG1052-1MD08-7BA2, update to a version that includes the fix for this issue.
For SIPLUS LOGO! 12/24RCEo versions 6AG1052-2MD08-7BA1 through 6AG1052-2MD08-7BA2, update to a version that includes the fix for this issue.
For SIPLUS LOGO! 230RCE versions 6AG1052-1FB08-7BA1 through 6AG1052-1FB08-7BA2, update to a version that includes the fix for this issue.
For SIPLUS LOGO! 230RCEo versions 6AG1052-2FB08-7BA1 through 6AG1052-2FB08-7BA2, update to a version that includes the fix for this issue.
For SIPLUS LOGO! 24CE versions 6AG1052-1CC08-7BA1 through 6AG1052-1CC08-7BA2, update to a version that includes the fix for this issue.
For SIPLUS LOGO! 24CEo versions 6AG1052-2CC08-7BA1 through 6AG1052-2CC08-7BA2, update to a version that includes the fix for this issue.
For SIPLUS LOGO! 24RCE versions 6AG1052-1HB08-7BA1 through 6AG1052-1HB08-7BA2, update to a version that includes the fix for this issue.
For SIPLUS LOGO! 24RCEo versions 6AG1052-2HB08-7BA1 through 6AG1052-2HB08-7BA2, update to a version that includes the fix for this issue.
For LOGO! 8 BM (incl. SIPLUS variants), all versions, update to a version that includes the fix for this issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Logo! 12/24Rce
Logo! 230Rce
Logo! 24Ce
Logo! 24Ceo
Logo! 8 Bm
Siplus Logo! 12/24Rce
Siplus Logo! 230Rce
Siplus Logo! 24Ce