CVE-2022-36361
CVE-2022-36361
Vexday Risk Score
28Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 9.8EPSS 0.9%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
11 oct 2022Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). Affected devices do not properly validate the structure of TCP packets in several methods. This could allow an attacker to cause buffer overflows, get control over the instruction counter and run custom code.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:T/RC:C
Productos afectados
Siemens · LOGO! 12/24RCESiemens · LOGO! 12/24RCEoSiemens · LOGO! 230RCESiemens · LOGO! 230RCEoSiemens · LOGO! 24CESiemens · LOGO! 24CEoSiemens · LOGO! 24RCESiemens · LOGO! 24RCEoSiemens · SIPLUS LOGO! 12/24RCESiemens · SIPLUS LOGO! 12/24RCEoSiemens · SIPLUS LOGO! 230RCESiemens · SIPLUS LOGO! 230RCEoSiemens · SIPLUS LOGO! 24CESiemens · SIPLUS LOGO! 24CEoSiemens · SIPLUS LOGO! 24RCESiemens · SIPLUS LOGO! 24RCEo¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →