CVE-2024-39922

{"id": "CVE-2024-39922", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.9}], "cvssMetricV40": [{"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.1, "Automatable": "NOT_DEFINED", "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2024-08-13T08:15:11.567", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-921449.html", "source": "productcert@siemens.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-256"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). Affected devices store user passwords in plaintext without proper protection. This could allow a physical attacker to retrieve them from the embedded storage ICs."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (Todas las versiones), LOGO! 12/24RCEO (6ED1052-2MD08-0BA1) (Todas las versiones), LOGO! 230RCE (6ED1052-1FB08-0BA1) (Todas las versiones), LOGO! 230RCEO (6ED1052-2FB08-0BA1) (todas las versiones), LOGO! 24CE (6ED1052-1CC08-0BA1) (Todas las versiones), LOGO! 24CEo (6ED1052-2CC08-0BA1) (Todas las versiones), LOGO! 24RCE (6ED1052-1HB08-0BA1) (Todas las versiones), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (Todas las versiones), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (Todas las versiones), SIPLUS LOGO! 12/24RCEO (6AG1052-2MD08-7BA1) (Todas las versiones), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (Todas las versiones), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (Todas las versiones), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (Todas las versiones), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (Todas las versiones), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (Todas las versiones), SIPLUS LOGO! 24RCEO (6AG1052-2HB08-7BA1) (Todas las versiones). Los dispositivos afectados almacenan las contrase\u00f1as de los usuarios en texto plano sin la protecci\u00f3n adecuada. Esto podr\u00eda permitir que un atacante f\u00edsico los recupere de los circuitos integrados de almacenamiento integrados."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "productcert@siemens.com"}