CVE-2024-37991

Sept. 18, 2024, 3:29 p.m.

CVSS Score

6.5 / 10

Products Impacted

Vendor Product Versions
siemens simatic_rf360r_firmware *
siemens simatic_rf360r -
siemens simatic_rf1170r_firmware *
siemens simatic_rf1170r -
siemens simatic_rf1140r_firmware *
siemens simatic_rf1140r -
siemens simatic_reader_rf685r_fcc_firmware *
siemens simatic_reader_rf685r_fcc -
siemens simatic_reader_rf685r_etsi_firmware *
siemens simatic_reader_rf685r_etsi -
siemens simatic_reader_rf685r_cmiit_firmware *
siemens simatic_reader_rf685r_cmiit -
siemens simatic_reader_rf685r_arib_firmware *
siemens simatic_reader_rf685r_arib -
siemens simatic_reader_rf680r_fcc_firmware *
siemens simatic_reader_rf680r_fcc -
siemens simatic_reader_rf680r_etsi_firmware *
siemens simatic_reader_rf680r_etsi -
siemens simatic_reader_rf680r_cmiit_firmware *
siemens simatic_reader_rf680r_cmiit -
siemens simatic_reader_rf680r_arib_firmware *
siemens simatic_reader_rf680r_arib -
siemens simatic_reader_rf650r_fcc_firmware *
siemens simatic_reader_rf650r_fcc -
siemens simatic_reader_rf650r_etsi_firmware *
siemens simatic_reader_rf650r_etsi -
siemens simatic_reader_rf650r_cmiit_firmware *
siemens simatic_reader_rf650r_cmiit -
siemens simatic_reader_rf650r_arib_firmware *
siemens simatic_reader_rf650r_arib -
siemens simatic_reader_rf615r_fcc_firmware *
siemens simatic_reader_rf615r_fcc -
siemens simatic_reader_rf615r_etsi_firmware *
siemens simatic_reader_rf615r_etsi -
siemens simatic_reader_rf615r_cmiit_firmware *
siemens simatic_reader_rf615r_cmiit -
siemens simatic_reader_rf610r_fcc_firmware *
siemens simatic_reader_rf610r_fcc -
siemens simatic_reader_rf610r_etsi_firmware *
siemens simatic_reader_rf610r_etsi -
siemens simatic_reader_rf610r_cmiit_firmware *
siemens simatic_reader_rf610r_cmiit -
siemens simatic_rf188ci_firmware *
siemens simatic_rf188ci -
siemens simatic_rf188c_firmware *
siemens simatic_rf188c -
siemens simatic_rf186ci_firmware *
siemens simatic_rf186ci -
siemens simatic_rf186c_firmware *
siemens simatic_rf186c -
siemens simatic_rf185c_firmware *
siemens simatic_rf185c -
siemens simatic_rf166c_firmware *
siemens simatic_rf166c -

Description

A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The service log files of the affected application can be accessed without proper authentication. This could allow an unauthenticated attacker to get access to sensitive information.

Weaknesses

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE ID: 200

CWE-306
Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

CWE ID: 306

Date

Published: Sept. 10, 2024, 10:15 a.m.

Last Modified: Sept. 18, 2024, 3:29 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

productcert@siemens.com

CPEs

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o siemens simatic_rf360r_firmware / / / / / / / /
h siemens simatic_rf360r - / / / / / / /
o siemens simatic_rf1170r_firmware / / / / / / / /
h siemens simatic_rf1170r - / / / / / / /
o siemens simatic_rf1140r_firmware / / / / / / / /
h siemens simatic_rf1140r - / / / / / / /
o siemens simatic_reader_rf685r_fcc_firmware / / / / / / / /
h siemens simatic_reader_rf685r_fcc - / / / / / / /
o siemens simatic_reader_rf685r_etsi_firmware / / / / / / / /
h siemens simatic_reader_rf685r_etsi - / / / / / / /
o siemens simatic_reader_rf685r_cmiit_firmware / / / / / / / /
h siemens simatic_reader_rf685r_cmiit - / / / / / / /
o siemens simatic_reader_rf685r_arib_firmware / / / / / / / /
h siemens simatic_reader_rf685r_arib - / / / / / / /
o siemens simatic_reader_rf680r_fcc_firmware / / / / / / / /
h siemens simatic_reader_rf680r_fcc - / / / / / / /
o siemens simatic_reader_rf680r_etsi_firmware / / / / / / / /
h siemens simatic_reader_rf680r_etsi - / / / / / / /
o siemens simatic_reader_rf680r_cmiit_firmware / / / / / / / /
h siemens simatic_reader_rf680r_cmiit - / / / / / / /
o siemens simatic_reader_rf680r_arib_firmware / / / / / / / /
h siemens simatic_reader_rf680r_arib - / / / / / / /
o siemens simatic_reader_rf650r_fcc_firmware / / / / / / / /
h siemens simatic_reader_rf650r_fcc - / / / / / / /
o siemens simatic_reader_rf650r_etsi_firmware / / / / / / / /
h siemens simatic_reader_rf650r_etsi - / / / / / / /
o siemens simatic_reader_rf650r_cmiit_firmware / / / / / / / /
h siemens simatic_reader_rf650r_cmiit - / / / / / / /
o siemens simatic_reader_rf650r_arib_firmware / / / / / / / /
h siemens simatic_reader_rf650r_arib - / / / / / / /
o siemens simatic_reader_rf615r_fcc_firmware / / / / / / / /
h siemens simatic_reader_rf615r_fcc - / / / / / / /
o siemens simatic_reader_rf615r_etsi_firmware / / / / / / / /
h siemens simatic_reader_rf615r_etsi - / / / / / / /
o siemens simatic_reader_rf615r_cmiit_firmware / / / / / / / /
h siemens simatic_reader_rf615r_cmiit - / / / / / / /
o siemens simatic_reader_rf610r_fcc_firmware / / / / / / / /
h siemens simatic_reader_rf610r_fcc - / / / / / / /
o siemens simatic_reader_rf610r_etsi_firmware / / / / / / / /
h siemens simatic_reader_rf610r_etsi - / / / / / / /
o siemens simatic_reader_rf610r_cmiit_firmware / / / / / / / /
h siemens simatic_reader_rf610r_cmiit - / / / / / / /
o siemens simatic_rf188ci_firmware / / / / / / / /
h siemens simatic_rf188ci - / / / / / / /
o siemens simatic_rf188c_firmware / / / / / / / /
h siemens simatic_rf188c - / / / / / / /
o siemens simatic_rf186ci_firmware / / / / / / / /
h siemens simatic_rf186ci - / / / / / / /
o siemens simatic_rf186c_firmware / / / / / / / /
h siemens simatic_rf186c - / / / / / / /
o siemens simatic_rf185c_firmware / / / / / / / /
h siemens simatic_rf185c - / / / / / / /
o siemens simatic_rf166c_firmware / / / / / / / /
h siemens simatic_rf166c - / / / / / / /

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score
6.5
Exploitability Score
2.8
Impact Score
3.6
Base Severity
MEDIUM
CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References

https://cert-portal.siemens.com/ productcert@siemens.com