PT-2023-14146 · Siemens · Logo! 24Ce+6

Sebastien Leger · Published 2023-12-12 · Updated 2024-09-10 · CVE-2022-42784

CVSS v3.1: 7.6 (High)

Vector: AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

LOGO! 12/24RCE versions 8.3 and later
LOGO! 12/24RCEo versions 8.3 and later
LOGO! 230RCE versions 8.3 and later
LOGO! 230RCEo versions 8.3 and later
LOGO! 24CE versions 8.3 and later
LOGO! 24CEo versions 8.3 and later
LOGO! 24RCE versions 8.3 and later
LOGO! 24RCEo versions 8.3 and later
SIPLUS LOGO! 12/24RCE versions 8.3 and later
SIPLUS LOGO! 12/24RCEo versions 8.3 and later
SIPLUS LOGO! 230RCE versions 8.3 and later
SIPLUS LOGO! 230RCEo versions 8.3 and later
SIPLUS LOGO! 24CE versions 8.3 and later
SIPLUS LOGO! 24CEo versions 8.3 and later
SIPLUS LOGO! 24RCE versions 8.3 and later
SIPLUS LOGO! 24RCEo versions 8.3 and later

Description

The affected devices are vulnerable to an electromagnetic fault injection, which could allow an attacker to dump and debug the firmware, including the manipulation of memory. This could further allow the injection of public keys of custom-created key pairs, which are then signed by the product CA. The generation of a custom certificate enables communication with, and impersonation of, any device of the same version.

Recommendations

For LOGO! 12/24RCE versions 8.3 and later, update to a version that includes a fix for this issue.
For LOGO! 12/24RCEo versions 8.3 and later, update to a version that includes a fix for this issue.
For LOGO! 230RCE versions 8.3 and later, update to a version that includes a fix for this issue.
For LOGO! 230RCEo versions 8.3 and later, update to a version that includes a fix for this issue.
For LOGO! 24CE versions 8.3 and later, update to a version that includes a fix for this issue.
For LOGO! 24CEo versions 8.3 and later, update to a version that includes a fix for this issue.
For LOGO! 24RCE versions 8.3 and later, update to a version that includes a fix for this issue.
For LOGO! 24RCEo versions 8.3 and later, update to a version that includes a fix for this issue.
For SIPLUS LOGO! 12/24RCE versions 8.3 and later, update to a version that includes a fix for this issue.
For SIPLUS LOGO! 12/24RCEo versions 8.3 and later, update to a version that includes a fix for this issue.
For SIPLUS LOGO! 230RCE versions 8.3 and later, update to a version that includes a fix for this issue.
For SIPLUS LOGO! 230RCEo versions 8.3 and later, update to a version that includes a fix for this issue.
For SIPLUS LOGO! 24CE versions 8.3 and later, update to a version that includes a fix for this issue.
For SIPLUS LOGO! 24CEo versions 8.3 and later, update to a version that includes a fix for this issue.
For SIPLUS LOGO! 24RCE versions 8.3 and later, update to a version that includes a fix for this issue.
For SIPLUS LOGO! 24RCEo versions 8.3 and later, update to a version that includes a fix for this issue.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2022-42784

Affected Products

Logo! 12/24Rce
Logo! 230Rce
Logo! 24Ce
Logo! 24Ceo
Siplus Logo! 12/24Rce
Siplus Logo! 230Rce
Siplus Logo! 24Ce