CVE-2022-36363

Summary

CVE	CVE-2022-36363
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-10-11 11:15:00 UTC
Updated	2023-12-12 12:15:00 UTC
Description	A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). Affected devices do not properly validate an offset value which can be defined in TCP packets when calling a method. This could allow an attacker to retrieve parts of the content of the memory.

Risk And Classification

Problem Types: CWE-20

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Siemens	Logo!8 Bm	-	All	All	All
Hardware	Siemens	Logo!8 Bm Fs-05	-	All	All	All
Operating System	Siemens	Logo!8 Bm Fs-05 Firmware	All	All	All	All
Operating System	Siemens	Logo! 8 Bm Firmware	All	All	All	All

References

Reference	Source	Link	Tags
cert-portal.siemens.com/productcert/pdf/ssa-955858.pdf	MISC	cert-portal.siemens.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

591211 Siemens LOGO! 8 BM Devices Multiple Vulnerabilities (ICSA-22-286-13, SSA-955858)