Vulnerability Details CVE-2020-25236
A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). The control logic (CL) the LOGO! 8 executes could be manipulated in a way that could cause the device
executing the CL to improperly handle the manipulation and crash. After successful execution of the attack, the device needs to be manually reset.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.6%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.9
References
Products affected by CVE-2020-25236
-
cpe:2.3:h:siemens:logo!_8_bm:-
-
cpe:2.3:o:siemens:logo!_8_bm_firmware:-
-
cpe:2.3:o:siemens:logo!_8_bm_firmware:1.81.01
-
cpe:2.3:o:siemens:logo!_8_bm_firmware:1.81.03
-
cpe:2.3:o:siemens:logo!_8_bm_firmware:1.81.04
-
cpe:2.3:o:siemens:logo!_8_bm_firmware:1.82.01
-
cpe:2.3:o:siemens:logo!_8_bm_firmware:1.82.02
-
cpe:2.3:o:siemens:logo!_8_bm_firmware:1.82.03
-
cpe:2.3:o:siemens:logo!_8_bm_firmware:1.82.04
-
cpe:2.3:o:siemens:logo!_8_bm_firmware:8.3