CVE-2025-40815 | THREATINT

Description

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA2) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA2) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA2) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA2) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2) (All versions). Affected devices do not properly validate the structure of TCP packets in several methods. This could allow an attacker to cause buffer overflows, get control over the instruction counter and run custom code.

PUBLISHED Reserved 2025-04-16 | Published 2025-11-11 | Updated 2025-11-12 | Assigner siemens

HIGH: 7.2CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

HIGH: 8.6CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Product status

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

References

cert-portal.siemens.com/productcert/html/ssa-267056.html

cve.org (CVE-2025-40815)

nvd.nist.gov (CVE-2025-40815)

Download JSON