Improper Protection against Electromagnetic Fault Injection in Siemens Hardware solutions

#VU84395 Improper Protection against Electromagnetic Fault Injection in Siemens Hardware solutions

Published: 2023-12-13

Vulnerability identifier: #VU84395

Vulnerability risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2022-42784

CWE-ID: CWE-1319

Exploitation vector: Local

Exploit availability: No

Vendor: Siemens

Description

The vulnerability allows a local attacker to compromise the system.

The vulnerability exists due to an electromagnetic fault injection. An attacker with physical access can dump and debug the firmware and inject public keys of custom created key pairs which are then signed by the product CA.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

LOGO! 12/24RCE: 8.3

LOGO! 12/24RCEo: 8.3

LOGO! 24CE: 8.3

LOGO! 24CEo: 8.3

LOGO! 24RCE: 8.3

LOGO! 24RCEo: 8.3

LOGO! 230RCE: 8.3

LOGO! 230RCEo: 8.3

SIPLUS LOGO! 12/24RCE: 8.3

SIPLUS LOGO! 12/24RCEo: 8.3

SIPLUS LOGO! 24CE: 8.3

SIPLUS LOGO! 24CEo: 8.3

SIPLUS LOGO! 24RCE: 8.3

SIPLUS LOGO! 24RCEo: 8.3

SIPLUS LOGO! 230RCE: 8.3

SIPLUS LOGO! 230RCEo: 8.3

External links
http://cert-portal.siemens.com/productcert/pdf/ssa-844582.pdf

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Improper Protection against Electromagnetic Fault Injection in Siemens LOGO! V8.3 BM Devices