Sign-up

ID

VAR-202409-0240


CVE

CVE-2024-37994


TITLE

Vulnerabilities in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2024-008453

DESCRIPTION

A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected application contains a hidden configuration item to enable debug functionality. This could allow an attacker to gain insight into the internal configuration of the deployment. SIMATIC RF360R firmware, simatic rf1170r firmware, simatic rf1140r Multiple Siemens products such as firmware have unspecified vulnerabilities.Information may be obtained and information may be tampered with. SIMATIC RF600 Readers are used for contactless identification of various objects, such as transport containers, pallets, production goods, or generally for recording bulk goods. SIMATIC RF1100 is an RFID-based solution for simple and universal electronic authorization management. The SIMATIC RF360R reader expands the SIMATIC RFID300 RFID system with a compact reader with an integrated Industrial Ethernet interface

Trust: 2.16

sources: NVD: CVE-2024-37994 // JVNDB: JVNDB-2024-008453 // CNVD: CNVD-2024-38007

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-38007

AFFECTED PRODUCTS

vendor:siemensmodel:simatic rf166cscope:ltversion:2.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf650r fccscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf685r fccscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf685r cmiitscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf680r cmiitscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf650r aribscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic rf1170rscope:ltversion:1.1

Trust: 1.0

vendor:siemensmodel:simatic reader rf615r cmiitscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic rf188ciscope:ltversion:2.2

Trust: 1.0

vendor:siemensmodel:simatic rf1140rscope:ltversion:1.1

Trust: 1.0

vendor:siemensmodel:simatic rf188cscope:ltversion:2.2

Trust: 1.0

vendor:siemensmodel:simatic rf186ciscope:ltversion:2.2

Trust: 1.0

vendor:siemensmodel:simatic rf186cscope:ltversion:2.2

Trust: 1.0

vendor:siemensmodel:simatic rf185cscope:ltversion:2.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf680r aribscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf650r etsiscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf610r etsiscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf650r cmiitscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic rf360rscope:ltversion:2.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf615r etsiscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf610r cmiitscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf680r fccscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf685r etsiscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf615r fccscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf680r etsiscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf610r fccscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf685r aribscope:ltversion:4.2

Trust: 1.0

vendor:シーメンスmodel:simatic reader rf650r aribscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf650r etsiscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf685r etsiscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf615r fccscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf610r etsiscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf610r fccscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf650r fccscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic rf1140rscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic rf1170rscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic rf360rscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf615r etsiscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf680r aribscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf685r aribscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf615r cmiitscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf680r cmiitscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf680r etsiscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf685r fccscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf650r cmiitscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf680r fccscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf685r cmiitscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic rf166cscope:ltversion:v2.2

Trust: 0.6

vendor:siemensmodel:simatic rf185cscope:ltversion:v2.2

Trust: 0.6

vendor:siemensmodel:simatic rf186cscope:ltversion:v2.2

Trust: 0.6

vendor:siemensmodel:simatic rf186ciscope:ltversion:v2.2

Trust: 0.6

vendor:siemensmodel:simatic rf188cscope:ltversion:v2.2

Trust: 0.6

vendor:siemensmodel:simatic rf188ciscope:ltversion:v2.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf610r cmiitscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf610r etsiscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf610r fccscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf615r cmiitscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf615r etsiscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf615r fccscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf650r aribscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf650r cmiitscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf650r etsiscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf650r fccscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf680r aribscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf680r cmiitscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf680r etsiscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf680r fccscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf685r aribscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf685r cmiitscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf685r etsiscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf685r fccscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic rf1140rscope:ltversion:v1.1

Trust: 0.6

vendor:siemensmodel:simatic rf1170rscope:ltversion:v1.1

Trust: 0.6

vendor:siemensmodel:simatic rf360rscope:ltversion:v2.2

Trust: 0.6

sources: CNVD: CNVD-2024-38007 // JVNDB: JVNDB-2024-008453 // NVD: CVE-2024-37994

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-37994
value: HIGH

Trust: 1.0

productcert@siemens.com: CVE-2024-37994
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-37994
value: HIGH

Trust: 0.8

CNVD: CNVD-2024-38007
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-38007
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-37994
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 4.2
version: 3.1

Trust: 1.0

productcert@siemens.com: CVE-2024-37994
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2024-37994
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-38007 // JVNDB: JVNDB-2024-008453 // NVD: CVE-2024-37994 // NVD: CVE-2024-37994

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-912

Trust: 1.0

problemtype:Unpublished features (CWE-912) [ others ]

Trust: 0.8

problemtype: others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-008453 // NVD: CVE-2024-37994

PATCH

title:Patch for Siemens SIMATIC RFID Readers Hidden Function Vulnerability (CNVD-2024-38007)url:https://www.cnvd.org.cn/patchInfo/show/590366

Trust: 0.6

sources: CNVD: CNVD-2024-38007

EXTERNAL IDS

db:NVDid:CVE-2024-37994

Trust: 3.2

db:SIEMENSid:SSA-765405

Trust: 2.4

db:JVNid:JVNVU90825867

Trust: 0.8

db:ICS CERTid:ICSA-24-256-07

Trust: 0.8

db:JVNDBid:JVNDB-2024-008453

Trust: 0.8

db:CNVDid:CNVD-2024-38007

Trust: 0.6

sources: CNVD: CNVD-2024-38007 // JVNDB: JVNDB-2024-008453 // NVD: CVE-2024-37994

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-765405.html

Trust: 2.4

url:https://jvn.jp/vu/jvnvu90825867/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-37994

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-07

Trust: 0.8

sources: CNVD: CNVD-2024-38007 // JVNDB: JVNDB-2024-008453 // NVD: CVE-2024-37994

SOURCES

db:CNVDid:CNVD-2024-38007
db:JVNDBid:JVNDB-2024-008453
db:NVDid:CVE-2024-37994

LAST UPDATE DATE

2024-09-20T20:36:33.401000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2024-38007date:2024-09-12T00:00:00
db:JVNDBid:JVNDB-2024-008453date:2024-09-19T07:43:00
db:NVDid:CVE-2024-37994date:2024-09-18T15:35:17.403

SOURCES RELEASE DATE

db:CNVDid:CNVD-2024-38007date:2024-09-13T00:00:00
db:JVNDBid:JVNDB-2024-008453date:2024-09-19T00:00:00
db:NVDid:CVE-2024-37994date:2024-09-10T10:15:11.340