SB2023121340 - Improper Protection against Electromagnetic Fault Injection in Siemens LOGO! V8.3 BM Devices
Published: December 13, 2023
Security Bulletin ID
SB2023121340
CSH Severity
Low
Patch available
NO
Number of vulnerabilities
1
Exploitation vector
Physical access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Improper Protection against Electromagnetic Fault Injection (CVE-ID: CVE-2022-42784)
CWE-ID: CWE-1319 - Improper Protection against Electromagnetic Fault Injection
CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to compromise the system.
The vulnerability exists due to an electromagnetic fault injection. An attacker with physical access can dump and debug the firmware and inject public keys of custom created key pairs which are then signed by the product CA.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.