PT-2022-7652 · Siemens · Siplus Logo! 24Ce+6
Published: 2022-10-11 · Updated: 2024-09-10
CVE-2022-36361
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
LOGO! 12/24RCE versions 6ED1052-1MD08-0BA1
LOGO! 12/24RCEo versions 6ED1052-2MD08-0BA1
LOGO! 230RCE versions 6ED1052-1FB08-0BA1
LOGO! 230RCEo versions 6ED1052-2FB08-0BA1
LOGO! 24CE versions 6ED1052-1CC08-0BA1
LOGO! 24CEo versions 6ED1052-2CC08-0BA1
LOGO! 24RCE versions 6ED1052-1HB08-0BA1
LOGO! 24RCEo versions 6ED1052-2HB08-0BA1
SIPLUS LOGO! 12/24RCE versions 6AG1052-1MD08-7BA1
SIPLUS LOGO! 12/24RCEo versions 6AG1052-2MD08-7BA1
SIPLUS LOGO! 230RCE versions 6AG1052-1FB08-7BA1
SIPLUS LOGO! 230RCEo versions 6AG1052-2FB08-7BA1
SIPLUS LOGO! 24CE versions 6AG1052-1CC08-7BA1
SIPLUS LOGO! 24CEo versions 6AG1052-2CC08-7BA1
SIPLUS LOGO! 24RCE versions 6AG1052-1HB08-7BA1
SIPLUS LOGO! 24RCEo versions 6AG1052-2HB08-7BA1
Description
The affected devices do not properly validate the structure of TCP packets in several methods, which could allow an attacker to cause buffer overflows, gain control over the instruction counter, and run custom code. This issue affects the Siemens LOGO! and SIPLUS LOGO! programmable logic controllers.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Buffer Overflow
Affected Products
Logo! 12/24Rce
Logo! 230Rce
Logo! 24Ce
Logo! 24Ceo
Siplus Logo! 12/24Rce
Siplus Logo! 230Rce
Siplus Logo! 24Ce