CVE-2022-36360

CVE-2022-36360

Vendor Siemens
Product LOGO! 8 BM (incl. SIPLUS variants)
Weakness CWE-345
Published October 11, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Affected devices load firmware updates without checking the authenticity. Furthermore the integrity of the unencrypted firmware is only verified by a non-cryptographic method. This could allow an attacker to manipulate a firmware update and flash it to the device.

Key dates

02Disclosure timeline

October 11, 2022 CVE published
August 3, 2024 Record updated