#VU84395 Improper Protection against Electromagnetic Fault Injection in Siemens products - CVE-2022-42784

Cybersecurity Help s.r.o.

Published: 2023-12-13

Vulnerability identifier: #VU84395

Vulnerability risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-42784

CWE-ID: CWE-1319

Exploitation vector: Local

Exploit availability: No

Vendor: Siemens

Description

The vulnerability allows a local attacker to compromise the system.

The vulnerability exists due to an electromagnetic fault injection. An attacker with physical access can dump and debug the firmware and inject public keys of custom created key pairs which are then signed by the product CA.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

LOGO! 12/24RCE: 8.3

LOGO! 12/24RCEo: 8.3

LOGO! 24CE: 8.3

LOGO! 24CEo: 8.3

LOGO! 24RCE: 8.3

LOGO! 24RCEo: 8.3

LOGO! 230RCE: 8.3

LOGO! 230RCEo: 8.3

SIPLUS LOGO! 12/24RCE: 8.3

SIPLUS LOGO! 12/24RCEo: 8.3

SIPLUS LOGO! 24CE: 8.3

SIPLUS LOGO! 24CEo: 8.3

SIPLUS LOGO! 24RCE: 8.3

SIPLUS LOGO! 24RCEo: 8.3

SIPLUS LOGO! 230RCE: 8.3

SIPLUS LOGO! 230RCEo: 8.3

External links
https://cert-portal.siemens.com/productcert/pdf/ssa-844582.pdf

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Improper Protection against Electromagnetic Fault Injection in Siemens LOGO! V8.3 BM Devices