Information disclosure in LOGO!8 BM - CVE-2022-36363
Published: October 11, 2022
Vulnerability identifier: #VU68119
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-36363
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Siemens
Affected software:
LOGO!8 BM
Detailed vulnerability description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because the affected device does not properly validate an offset value that can be defined in TCP packets when calling a method. A remote attacker can retrieve parts of the memory content.
How to mitigate CVE-2022-36363
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.