Cyber Resilience

CVE-2022-42784

High

Published: 12 December 2023

Published
12 December 2023
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 7.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0010 27.2th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-42784 is a high-severity EM-FI (CWE-1319) vulnerability in Siemens 6Ed1052-1Md08-0Ba1 Firmware. Its CVSS base score is 7.6 (High).

Operationally, ranked at the 27.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions >= V8.3), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions >= V8.3), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions >= V8.3), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions >= V8.3), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions >=…

more

V8.3), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions >= V8.3), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions >= V8.3), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions >= V8.3), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions >= V8.3). Affected devices are vulnerable to an electromagnetic fault injection. This could allow an attacker to dump and debug the firmware, including the manipulation of memory. Further actions could allow to inject public keys of custom created key pairs which are then signed by the product CA. The generation of a custom certificate allows communication with, and impersonation of, any device of the same version.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

siemens
6ed1052-1md08-0ba1 firmware
≤ 8.3
siemens
6ed1052-2md08-0ba1 firmware
≤ 8.3
siemens
6ed1052-1cc08-0ba1 firmware
≤ 8.3
siemens
6ed1052-2cc08-0ba1 firmware
≤ 8.3
siemens
6ed1052-1hb08-0ba1 firmware
≤ 8.3
siemens
6ed1052-2hb08-0ba1 firmware
≤ 8.3
siemens
6ed1052-1fb08-0ba1 firmware
≤ 8.3
siemens
6ed1052-2fb08-0ba1 firmware
≤ 8.3
siemens
6ag1052-1md08-7ba1 firmware
≤ 8.3
siemens
6ag1052-2md08-7ba1 firmware
≤ 8.3
+6 more product configuration(s) — see NVD for full list

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References