CVE-2022-42784

Published: Dic 12, 2023 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2022-45847 Aliases: GSD-2022-42784
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,6
Source: [email protected]
Attack Vector: physical
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: changed
Confidentiality: high
Integrity: high
Availability: high

Description

AI Translation Available

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions >= V8.3), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions >= V8.3), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions >= V8.3), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions >= V8.3), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions >= V8.3), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions >= V8.3), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions >= V8.3), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions >= V8.3), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions >= V8.3). Affected devices are vulnerable to an electromagnetic fault injection. This could allow an attacker to dump and debug the firmware, including the manipulation of memory. Further actions could allow to inject public keys of custom created key pairs which are then signed by the product CA. The generation of a custom certificate allows communication with, and impersonation of, any device of the same version.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0013
Percentile
0,3th
Updated

EPSS Score Trend (Last 90 Days)

1319

Improper Protection against Electromagnetic Fault Injection (EM-FI)

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Access Control Availability
Potential Impacts:
Modify Memory Read Memory Gain Privileges Or Assume Identity Bypass Protection Mechanism Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies: Memory Hardware, Microcontroller Hardware, Power Management Hardware, Processor Hardware, Sensor Hardware, System on Chip, Test/Debug Hardware
View CWE Details
Operating System

6Ag1052-2Hb08-7Ba1 Firmware by Siemens

Product Information
Vendor Siemens
Product 6Ag1052-2Hb08-7Ba1 Firmware
Version Range Affected
To 8.3 (inclusive)
cpe:2.3:o:siemens:6ag1052-2hb08-7ba1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

6Ed1052-1Cc08-0Ba1 Firmware by Siemens

Product Information
Vendor Siemens
Product 6Ed1052-1Cc08-0Ba1 Firmware
Version Range Affected
To 8.3 (inclusive)
cpe:2.3:o:siemens:6ed1052-1cc08-0ba1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

6Ag1052-1Hb08-7Ba1 Firmware by Siemens

Product Information
Vendor Siemens
Product 6Ag1052-1Hb08-7Ba1 Firmware
Version Range Affected
To 8.3 (inclusive)
cpe:2.3:o:siemens:6ag1052-1hb08-7ba1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

6Ed1052-2Md08-0Ba1 Firmware by Siemens

Product Information
Vendor Siemens
Product 6Ed1052-2Md08-0Ba1 Firmware
Version Range Affected
To 8.3 (inclusive)
cpe:2.3:o:siemens:6ed1052-2md08-0ba1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

6Ag1052-1Fb08-7Ba1 Firmware by Siemens

Product Information
Vendor Siemens
Product 6Ag1052-1Fb08-7Ba1 Firmware
Version Range Affected
To 8.3 (inclusive)
cpe:2.3:o:siemens:6ag1052-1fb08-7ba1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

6Ed1052-1Md08-0Ba1 Firmware by Siemens

Product Information
Vendor Siemens
Product 6Ed1052-1Md08-0Ba1 Firmware
Version Range Affected
To 8.3 (inclusive)
cpe:2.3:o:siemens:6ed1052-1md08-0ba1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

6Ed1052-1Hb08-0Ba1 Firmware by Siemens

Product Information
Vendor Siemens
Product 6Ed1052-1Hb08-0Ba1 Firmware
Version Range Affected
To 8.3 (inclusive)
cpe:2.3:o:siemens:6ed1052-1hb08-0ba1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

6Ag1052-2Cc08-7Ba1 Firmware by Siemens

Product Information
Vendor Siemens
Product 6Ag1052-2Cc08-7Ba1 Firmware
Version Range Affected
To 8.3 (inclusive)
cpe:2.3:o:siemens:6ag1052-2cc08-7ba1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

6Ag1052-2Md08-7Ba1 Firmware by Siemens

Product Information
Vendor Siemens
Product 6Ag1052-2Md08-7Ba1 Firmware
Version Range Affected
To 8.3 (inclusive)
cpe:2.3:o:siemens:6ag1052-2md08-7ba1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

6Ed1052-2Cc08-0Ba1 Firmware by Siemens

Product Information
Vendor Siemens
Product 6Ed1052-2Cc08-0Ba1 Firmware
Version Range Affected
To 8.3 (inclusive)
cpe:2.3:o:siemens:6ed1052-2cc08-0ba1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

6Ag1052-1Md08-7Ba1 Firmware by Siemens

Product Information
Vendor Siemens
Product 6Ag1052-1Md08-7Ba1 Firmware
Version Range Affected
To 8.3 (inclusive)
cpe:2.3:o:siemens:6ag1052-1md08-7ba1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

6Ed1052-2Fb08-0Ba1 Firmware by Siemens

Product Information
Vendor Siemens
Product 6Ed1052-2Fb08-0Ba1 Firmware
Version Range Affected
To 8.3 (inclusive)
cpe:2.3:o:siemens:6ed1052-2fb08-0ba1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

6Ag1052-1Cc08-7Ba1 Firmware by Siemens

Product Information
Vendor Siemens
Product 6Ag1052-1Cc08-7Ba1 Firmware
Version Range Affected
To 8.3 (inclusive)
cpe:2.3:o:siemens:6ag1052-1cc08-7ba1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

6Ed1052-1Fb08-0Ba1 Firmware by Siemens

Product Information
Vendor Siemens
Product 6Ed1052-1Fb08-0Ba1 Firmware
Version Range Affected
To 8.3 (inclusive)
cpe:2.3:o:siemens:6ed1052-1fb08-0ba1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

6Ed1052-2Hb08-0Ba1 Firmware by Siemens

Product Information
Vendor Siemens
Product 6Ed1052-2Hb08-0Ba1 Firmware
Version Range Affected
To 8.3 (inclusive)
cpe:2.3:o:siemens:6ed1052-2hb08-0ba1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

6Ag1052-2Fb08-7Ba1 Firmware by Siemens

Product Information
Vendor Siemens
Product 6Ag1052-2Fb08-7Ba1 Firmware
Version Range Affected
To 8.3 (inclusive)
cpe:2.3:o:siemens:6ag1052-2fb08-7ba1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://cert-portal.siemens.com/productcert/pdf/ssa-844582.…
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-844582.pdf
https://cert-portal.siemens.com/productcert/html/ssa-844582…
https://cert-portal.siemens.com/productcert/html/ssa-844582.html
https://cert-portal.siemens.com/productcert/pdf/ssa-844582.…
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-844582.pdf