CVE-2024-39922

CVSS 3.1 Score 4.6 of 10 (medium)

Details

Published Aug 13, 2024
CWE ID 256

Summary

CVE-2024-39922: A serious vulnerability has been discovered in various versions of LOGO! RCE, LOGO! RCEo, LOGO! 24CE, LOGO! 24CEo, LOGO! 230RCE, LOGO! 230RCEo, SIPLUS LOGO! 12/24RCE, SIPLUS LOGO! 12/24RCEo, SIPLUS LOGO! 230RCE, SIPLUS LOGO! 230RCEo, SIPLUS LOGO! 24CE, and SIPLUS LOGO! 24CEo. These software applications store user passwords in plaintext without adequate protection, posing a significant risk. A physical attacker with access to the affected devices can easily retrieve these passwords from the embedded storage ICs, potentially leading to unauthorized access to sensitive data or systems.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share