Main Vulnerability Database SB2023121340

SB2023121340 - Improper Protection against Electromagnetic Fault Injection in Siemens LOGO! V8.3 BM Devices

Published: December 13, 2023

Security Bulletin ID SB2023121340

Severity

Low

Patch available

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Protection against Electromagnetic Fault Injection (CVE-ID: CVE-2022-42784)

The vulnerability allows a local attacker to compromise the system.

The vulnerability exists due to an electromagnetic fault injection. An attacker with physical access can dump and debug the firmware and inject public keys of custom created key pairs which are then signed by the product CA.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://cert-portal.siemens.com/productcert/pdf/ssa-844582.pdf

Vulnerable Software

LOGO! 12/24RCE: 8.3 and previous versions
LOGO! 12/24RCEo: 8.3 and previous versions
LOGO! 24CE: 8.3 and previous versions
LOGO! 24CEo: 8.3 and previous versions
LOGO! 24RCE: 8.3 and previous versions
LOGO! 24RCEo: 8.3 and previous versions
LOGO! 230RCE: 8.3 and previous versions
LOGO! 230RCEo: 8.3 and previous versions
SIPLUS LOGO! 12/24RCE: 8.3 and previous versions
SIPLUS LOGO! 12/24RCEo: 8.3 and previous versions
SIPLUS LOGO! 24CE: 8.3 and previous versions
SIPLUS LOGO! 24CEo: 8.3 and previous versions
SIPLUS LOGO! 24RCE: 8.3 and previous versions
SIPLUS LOGO! 24RCEo: 8.3 and previous versions
SIPLUS LOGO! 230RCE: 8.3 and previous versions
SIPLUS LOGO! 230RCEo: 8.3 and previous versions

SB2023121340 - Improper Protection against Electromagnetic Fault Injection in Siemens LOGO! V8.3 BM Devices

Breakdown by Severity

Description

Remediation

References

Please verify you're human