CVE-2022-36363 in LOGO 8 BMinfo

Summary

by MITRE • 10/11/2022

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). Affected devices do not properly validate an offset value which can be defined in TCP packets when calling a method. This could allow an attacker to retrieve parts of the content of the memory.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 06/17/2026

The vulnerability identified as CVE-2022-36363 affects LOGO! 8 BM industrial control devices including SIPLUS variants across all software versions. This represents a critical security flaw in embedded industrial systems that are widely deployed in manufacturing and automation environments. The affected devices operate within the industrial control systems domain where security is paramount for operational continuity and safety. These devices are designed to control and monitor industrial processes and their compromise could lead to significant operational disruptions or safety hazards in critical infrastructure environments.

The technical flaw manifests in the improper validation of offset values within TCP packets during method invocation operations. When a TCP packet is received by the affected LOGO! 8 BM device, the system fails to properly validate the offset parameter that defines where in memory data should be accessed. This lack of input validation creates a classic buffer over-read vulnerability where an attacker can manipulate the offset value to access arbitrary memory locations. The vulnerability stems from insufficient bounds checking and parameter validation mechanisms within the network protocol handling code. This weakness allows an unauthenticated attacker to craft malicious TCP packets that can traverse the memory space of the device and extract sensitive information from memory regions that should remain protected.

The operational impact of this vulnerability extends beyond simple information disclosure as it represents a fundamental weakness in the device's security architecture. An attacker who successfully exploits this vulnerability can retrieve parts of the device's memory content, potentially including configuration data, communication credentials, operational parameters, and other sensitive information that could be used for further attacks. The implications are particularly severe in industrial environments where these devices control critical processes and where knowledge of system internals could enable more sophisticated attacks. This vulnerability aligns with CWE-129, which describes improper validation of input boundaries, and represents a significant concern for industrial control system security. The attack vector requires only network access to the device, making it particularly dangerous as it can be exploited remotely without physical access to the system.

Mitigation strategies for CVE-2022-36363 should focus on both immediate protective measures and long-term architectural improvements. Organizations should implement network segmentation and access controls to limit exposure of these devices to untrusted networks, following ATT&CK technique T1046 for network service enumeration and T1071 for application layer protocol usage. Immediate patching from the vendor should be prioritized when available, as this vulnerability affects devices in operational environments where continuous availability is critical. Network monitoring should be enhanced to detect anomalous TCP packet patterns that might indicate exploitation attempts, particularly around method invocation operations. Device administrators should also consider implementing network access control lists and disabling unnecessary network services to reduce the attack surface. The vulnerability demonstrates the importance of secure coding practices in industrial control systems and highlights the need for regular security assessments of embedded devices in operational technology environments, aligning with NIST SP 800-82 guidelines for industrial control systems security.

Reservation

07/21/2022

Disclosure

10/11/2022

Moderation

accepted

CPE

ready

EPSS

0.00380

KEV

no

Activities

low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!