CVE-2020-7593

Опубликовано: 14 июл. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (V1.81.01 - V1.81.03), LOGO! 8 BM (incl. SIPLUS variants) (V1.82.01), LOGO! 8 BM (incl. SIPLUS variants) (V1.82.02). A buffer overflow vulnerability exists in the Web Server functionality of the device. A remote unauthenticated attacker could send a specially crafted HTTP request to cause a memory corruption, potentially resulting in remote code execution.

Ссылки

https://cert-portal.siemens.com/productcert/pdf/ssa-573753.pdf
Vendor Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1069
Exploit
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-573753.pdf
Vendor Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1069
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:siemens:logo\!_8_bm_firmware:*:*:*:*:*:*:*:*

Версия от 1.81.01 (включая) до 1.81.03 (включая)

cpe:2.3:o:siemens:logo\!_8_bm_firmware:1.82.01:*:*:*:*:*:*:*

cpe:2.3:o:siemens:logo\!_8_bm_firmware:1.82.02:*:*:*:*:*:*:*

cpe:2.3:h:siemens:logo\!_8_bm:-:*:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.17292

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-120

Связанные уязвимости

GHSA-x26m-wcf2-85xw

github

больше 3 лет назад