cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-39922,https://securityvulnerability.io/vulnerability/CVE-2024-39922,"Devices Store User Passwords in Plaintext, Vulnerable to Physical Attack","A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). Affected devices store user passwords in plaintext without proper protection. This could allow a physical attacker to retrieve them from the embedded storage ICs.",Siemens,"Logo! 12/24rce,Logo! 12/24rceo,Logo! 230rce,Logo! 230rceo,Logo! 24ce,Logo! 24ceo,Logo! 24rce,Logo! 24rceo,Siplus Logo! 12/24rce,Siplus Logo! 12/24rceo,Siplus Logo! 230rce,Siplus Logo! 230rceo,Siplus Logo! 24ce,Siplus Logo! 24ceo,Siplus Logo! 24rce,Siplus Logo! 24rceo",4.6,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-08-13T07:54:17.388Z,0
CVE-2022-42784,https://securityvulnerability.io/vulnerability/CVE-2022-42784,Electromagnetic Fault Injection Vulnerability in Siemens LOGO! Products,"A vulnerability has been identified in Siemens LOGO! devices, allowing attackers to exploit electromagnetic fault injection. This allows them to dump and debug firmware, manipulate memory, and inject public keys for custom key pairs that can be signed by the product's certificate authority. Consequently, attackers can create custom certificates, facilitating unauthorized communication with and impersonation of other devices running the same version.",Siemens,"Logo! 12/24rce,Logo! 12/24rceo,Logo! 230rce,Logo! 230rceo,Logo! 24ce,Logo! 24ceo,Logo! 24rce,Logo! 24rceo,Siplus Logo! 12/24rce,Siplus Logo! 12/24rceo,Siplus Logo! 230rce,Siplus Logo! 230rceo,Siplus Logo! 24ce,Siplus Logo! 24ceo,Siplus Logo! 24rce,Siplus Logo! 24rceo",7.6,HIGH,0.0005200000014156103,false,,false,false,false,,false,false,2023-12-12T10:02:37.510Z,0
CVE-2022-36361,https://securityvulnerability.io/vulnerability/CVE-2022-36361,Buffer Overflow Vulnerability in Siemens LOGO! Automation Products,"A significant vulnerability exists in Siemens LOGO! automation products, where improper validation of TCP packet structures can lead to buffer overflow conditions. This flaw could enable an attacker to manipulate the instruction counter and execute arbitrary code remotely, posing severe security risks to the operational integrity of affected devices. Organizations using these products should be aware of this risk and take necessary precautions to mitigate potential threats.",Siemens,"Logo! 12/24rce,Logo! 12/24rceo,Logo! 230rce,Logo! 230rceo,Logo! 24ce,Logo! 24ceo,Logo! 24rce,Logo! 24rceo,Siplus Logo! 12/24rce,Siplus Logo! 12/24rceo,Siplus Logo! 230rce,Siplus Logo! 230rceo,Siplus Logo! 24ce,Siplus Logo! 24ceo,Siplus Logo! 24rce,Siplus Logo! 24rceo",9.8,CRITICAL,0.0006300000241026282,false,,false,false,false,,false,false,2022-10-11T00:00:00.000Z,0
CVE-2022-36363,https://securityvulnerability.io/vulnerability/CVE-2022-36363,Memory Retrieval Vulnerability in LOGO! 12/24RCE and SIPLUS LOGO! Products by Siemens,"A vulnerability in Siemens LOGO! 12/24RCE and SIPLUS LOGO! devices exists due to improper validation of offset values defined in TCP packets during method calls. This flaw can potentially enable attackers to access sensitive memory content, posing a significant risk to the integrity and confidentiality of system data. Users of these products should implement recommended security measures and monitor for any suspicious activity.",Siemens,"Logo! 12/24rce,Logo! 12/24rceo,Logo! 230rce,Logo! 230rceo,Logo! 24ce,Logo! 24ceo,Logo! 24rce,Logo! 24rceo,Siplus Logo! 12/24rce,Siplus Logo! 12/24rceo,Siplus Logo! 230rce,Siplus Logo! 230rceo,Siplus Logo! 24ce,Siplus Logo! 24ceo,Siplus Logo! 24rce,Siplus Logo! 24rceo",5.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,2022-10-11T00:00:00.000Z,0
CVE-2022-36362,https://securityvulnerability.io/vulnerability/CVE-2022-36362,Remote Code Execution Vulnerability in LOGO! Devices from Siemens,"A vulnerability in various LOGO! devices from Siemens enables an unauthenticated remote attacker to manipulate the devices' IP addresses. This flaw occurs due to insufficient validation when interacting with the devices. Consequently, the affected devices become unreachable, requiring a power cycle for recovery. All versions of specific models of LOGO! are impacted, highlighting the need for immediate attention to secure these devices against potential exploitation.",Siemens,"Logo! 12/24rce,Logo! 12/24rceo,Logo! 230rce,Logo! 230rceo,Logo! 24ce,Logo! 24ceo,Logo! 24rce,Logo! 24rceo,Siplus Logo! 12/24rce,Siplus Logo! 12/24rceo,Siplus Logo! 230rce,Siplus Logo! 230rceo,Siplus Logo! 24ce,Siplus Logo! 24ceo,Siplus Logo! 24rce,Siplus Logo! 24rceo",7.5,HIGH,0.0005099999834783375,false,,false,false,false,,false,false,2022-10-11T00:00:00.000Z,0
CVE-2020-25236,https://securityvulnerability.io/vulnerability/CVE-2020-25236,,"A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). The control logic (CL) the LOGO! 8 executes could be manipulated in a way that could cause the device
executing the CL to improperly handle the manipulation and crash. After successful execution of the attack, the device needs to be manually reset.",Siemens,"Logo! 12/24rce,Logo! 12/24rceo,Logo! 230rce,Logo! 230rceo,Logo! 24ce,Logo! 24ceo,Logo! 24rce,Logo! 24rceo,Siplus Logo! 12/24rce,Siplus Logo! 12/24rceo,Siplus Logo! 230rce,Siplus Logo! 230rceo,Siplus Logo! 24ce,Siplus Logo! 24ceo,Siplus Logo! 24rce,Siplus Logo! 24rceo",5.5,MEDIUM,0.0006000000284984708,false,,false,false,false,,false,false,2021-03-15T17:03:30.000Z,0