Improper Protection against Electromagnetic Fault Injection in Siemens LOGO! V8.3 BM Devices

1) Improper Protection against Electromagnetic Fault Injection

EUVDB-ID: #VU84395

Risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2022-42784

CWE-ID: CWE-1319 - Improper Protection against Electromagnetic Fault Injection

Exploit availability: No

Description

The vulnerability allows a local attacker to compromise the system.

The vulnerability exists due to an electromagnetic fault injection. An attacker with physical access can dump and debug the firmware and inject public keys of custom created key pairs which are then signed by the product CA.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

LOGO! 12/24RCE: 8.3

LOGO! 12/24RCEo: 8.3

LOGO! 24CE: 8.3

LOGO! 24CEo: 8.3

LOGO! 24RCE: 8.3

LOGO! 24RCEo: 8.3

LOGO! 230RCE: 8.3

LOGO! 230RCEo: 8.3

SIPLUS LOGO! 12/24RCE: 8.3

SIPLUS LOGO! 12/24RCEo: 8.3

SIPLUS LOGO! 24CE: 8.3

SIPLUS LOGO! 24CEo: 8.3

SIPLUS LOGO! 24RCE: 8.3

SIPLUS LOGO! 24RCEo: 8.3

SIPLUS LOGO! 230RCE: 8.3

SIPLUS LOGO! 230RCEo: 8.3

External links

http://cert-portal.siemens.com/productcert/pdf/ssa-844582.pdf

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.