{"api_version":"1","generated_at":"2026-04-27T02:57:10+00:00","cve":"CVE-2022-36362","urls":{"html":"https://cve.report/CVE-2022-36362","api":"https://cve.report/api/cve/CVE-2022-36362.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-36362","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-36362"},"summary":{"title":"CVE-2022-36362","description":"A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to manipulate the devices IP address, which means the device would not be reachable and could only be recovered by power cycling the device.","state":"PUBLIC","assigner":"productcert@siemens.com","published_at":"2022-10-11 11:15:00","updated_at":"2023-12-12 12:15:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-955858.pdf","name":"https://cert-portal.siemens.com/productcert/pdf/ssa-955858.pdf","refsource":"MISC","tags":[],"title":"","mime":"application/pdf","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-36362","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36362","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"36362","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"siemens","cpe5":"logo\\!8_bm","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"36362","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"siemens","cpe5":"logo\\!8_bm_fs-05","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"36362","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"siemens","cpe5":"logo\\!8_bm_fs-05_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"36362","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"siemens","cpe5":"logo\\!_8_bm_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-36362","qid":"591211","title":"Siemens LOGO! 8 BM Devices Multiple Vulnerabilities (ICSA-22-286-13, SSA-955858)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"productcert@siemens.com","ID":"CVE-2022-36362","STATE":"PUBLIC"},"data_format":"MITRE","data_version":"4.0","data_type":"CVE","affects":{"vendor":{"vendor_data":[{"vendor_name":"Siemens","product":{"product_data":[{"product_name":"LOGO! 8 BM (incl. SIPLUS variants)","version":{"version_data":[{"version_value":"All versions"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-20: Improper Input Validation"}]}]},"description":{"description_data":[{"lang":"eng","value":"A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to manipulate the devices IP address, which means the device would not be reachable and could only be recovered by power cycling the device."}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-955858.pdf","name":"https://cert-portal.siemens.com/productcert/pdf/ssa-955858.pdf"}]}},"nvd":{"publishedDate":"2022-10-11 11:15:00","lastModifiedDate":"2023-12-12 12:15:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:siemens:logo\\!_8_bm_firmware:*:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:siemens:logo\\!8_bm:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:siemens:logo\\!8_bm_fs-05_firmware:*:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:siemens:logo\\!8_bm_fs-05:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":null,"notes":[]}}}