A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions >= V8.3), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions >= V8.3), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions >= V8.3), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions >= V8.3), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions >= V8.3), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions >= V8.3), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions >= V8.3), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions >= V8.3), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions >= V8.3). Affected devices are vulnerable to an electromagnetic fault injection. This could allow an attacker to dump and debug the firmware, including the manipulation of memory. Further actions could allow to inject public keys of custom created key pairs which are then signed by the product CA. The generation of a custom certificate allows communication with, and impersonation of, any device of the same version.
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HSiemens 6ag1052 1cc08 7ba1
HWSiemenswszystkie wersjeSiemens 6ag1052 1cc08 7ba1 Firmware
OSSiemens≤ 8.3Siemens 6ag1052 1fb08 7ba1
HWSiemenswszystkie wersjeSiemens 6ag1052 1fb08 7ba1 Firmware
OSSiemens≤ 8.3Siemens 6ag1052 1hb08 7ba1
HWSiemenswszystkie wersjeSiemens 6ag1052 1hb08 7ba1 Firmware
OSSiemens≤ 8.3Siemens 6ag1052 1md08 7ba1
HWSiemenswszystkie wersjeSiemens 6ag1052 1md08 7ba1 Firmware
OSSiemens≤ 8.3Siemens 6ag1052 2cc08 7ba1
HWSiemenswszystkie wersjeSiemens 6ag1052 2cc08 7ba1 Firmware
OSSiemens≤ 8.3Siemens 6ag1052 2fb08 7ba1
HWSiemenswszystkie wersjeSiemens 6ag1052 2fb08 7ba1 Firmware
OSSiemens≤ 8.3Siemens 6ag1052 2hb08 7ba1
HWSiemenswszystkie wersjeSiemens 6ag1052 2hb08 7ba1 Firmware
OSSiemens≤ 8.3Siemens 6ag1052 2md08 7ba1
HWSiemenswszystkie wersjeSiemens 6ag1052 2md08 7ba1 Firmware
OSSiemens≤ 8.3Siemens 6ed1052 1cc08 0ba1
HWSiemenswszystkie wersjeSiemens 6ed1052 1cc08 0ba1 Firmware
OSSiemens≤ 8.3Siemens 6ed1052 1fb08 0ba1
HWSiemenswszystkie wersjeSiemens 6ed1052 1fb08 0ba1 Firmware
OSSiemens≤ 8.3Siemens 6ed1052 1hb08 0ba1
HWSiemenswszystkie wersjeSiemens 6ed1052 1hb08 0ba1 Firmware
OSSiemens≤ 8.3Siemens 6ed1052 1md08 0ba1
HWSiemenswszystkie wersjeSiemens 6ed1052 1md08 0ba1 Firmware
OSSiemens≤ 8.3Siemens 6ed1052 2cc08 0ba1
HWSiemenswszystkie wersjeSiemens 6ed1052 2cc08 0ba1 Firmware
OSSiemens≤ 8.3Siemens 6ed1052 2fb08 0ba1
HWSiemenswszystkie wersjeSiemens 6ed1052 2fb08 0ba1 Firmware
OSSiemens≤ 8.3Siemens 6ed1052 2hb08 0ba1
HWSiemenswszystkie wersjeSiemens 6ed1052 2hb08 0ba1 Firmware
OSSiemens≤ 8.3
Related vulnerabilities
Buffer overflow RCE z uprawnieniami root w PAN-OS Captive Portal
Fortinet – Auth Bypass przez FortiCloud SSO w wielu produktach
Fortinet FortiOS/FortiProxy/FortiSwitchManager — Auth Bypass przez SAML
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-defau...