CVE-2022-36363

Name of the Vulnerable Software and Affected Versions LOGO! 12/24RCE versions 6ED1052-1MD08-0BA1 LOGO! 12/24RCEo versions 6ED1052-2MD08-0BA1 LOGO! 230RCE versions 6ED1052-1FB08-0BA1 LOGO! 230RCEo versions 6ED1052-2FB08-0BA1 LOGO! 24CE versions 6ED1052-1CC08-0BA1 LOGO! 24CEo versions 6ED1052-2CC08-0BA1 LOGO! 24RCE versions 6ED1052-1HB08-0BA1 LOGO! 24RCEo versions 6ED1052-2HB08-0BA1 SIPLUS LOGO! 12/24RCE versions 6AG1052-1MD08-7BA1 SIPLUS LOGO! 12/24RCEo versions 6AG1052-2MD08-7BA1 SIPLUS LOGO! 230RCE versions 6AG1052-1FB08-7BA1 SIPLUS LOGO! 230RCEo versions 6AG1052-2FB08-7BA1 SIPLUS LOGO! 24CE versions 6AG1052-1CC08-7BA1 SIPLUS LOGO! 24CEo versions 6AG1052-2CC08-7BA1 SIPLUS LOGO! 24RCE versions 6AG1052-1HB08-7BA1 SIPLUS LOGO! 24RCEo versions 6AG1052-2HB08-7BA1

Description The affected devices do not properly validate an offset value which can be defined in TCP packets when calling a method. This could allow an attacker to retrieve parts of the content of the memory. The issue is related to incorrect checking of the specified index, position, or offset in input data when processing TCP packets.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.