High severity7.5NVD Advisory· Published Oct 11, 2022· Updated Jun 17, 2026
CVE-2022-36360
CVE-2022-36360
Description
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Affected devices load firmware updates without checking the authenticity. Furthermore the integrity of the unencrypted firmware is only verified by a non-cryptographic method. This could allow an attacker to manipulate a firmware update and flash it to the device.
Affected products
2- Range: < V8.3
- Siemens/LOGO! 8 BM (incl. SIPLUS variants)v5Range: All versions < V8.3
Patches
Vulnerability mechanics
References
1- cert-portal.siemens.com/productcert/pdf/ssa-928782.pdfnvdPatchVendor Advisory
News mentions
0No linked articles in our index yet.