Sign-up

ID

VAR-202409-0242


CVE

CVE-2024-37991


TITLE

Lack of authentication for critical functions in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2024-008405

DESCRIPTION

A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The service log files of the affected application can be accessed without proper authentication. This could allow an unauthenticated attacker to get access to sensitive information. SIMATIC RF360R firmware, simatic rf1170r firmware, simatic rf1140r Multiple Siemens products, such as firmware, are vulnerable to lack of authentication for critical functions.Information may be obtained. SIMATIC RF600 Readers are used for contactless identification of various objects, such as transport containers, pallets, production goods, or generally for recording bulk goods. SIMATIC RF1100 is an RFID-based solution for simple and universal electronic authorization management. The SIMATIC RF360R reader expands the SIMATIC RFID300 RFID system with a compact reader with an integrated Industrial Ethernet interface

Trust: 2.16

sources: NVD: CVE-2024-37991 // JVNDB: JVNDB-2024-008405 // CNVD: CNVD-2024-38010

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-38010

AFFECTED PRODUCTS

vendor:siemensmodel:simatic rf166cscope:ltversion:2.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf650r fccscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf685r fccscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf685r cmiitscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf680r cmiitscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf650r aribscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic rf1170rscope:ltversion:1.1

Trust: 1.0

vendor:siemensmodel:simatic reader rf615r cmiitscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic rf188ciscope:ltversion:2.2

Trust: 1.0

vendor:siemensmodel:simatic rf1140rscope:ltversion:1.1

Trust: 1.0

vendor:siemensmodel:simatic rf188cscope:ltversion:2.2

Trust: 1.0

vendor:siemensmodel:simatic rf186ciscope:ltversion:2.2

Trust: 1.0

vendor:siemensmodel:simatic rf186cscope:ltversion:2.2

Trust: 1.0

vendor:siemensmodel:simatic rf185cscope:ltversion:2.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf680r aribscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf650r etsiscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf610r etsiscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf650r cmiitscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic rf360rscope:ltversion:2.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf615r etsiscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf610r cmiitscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf680r fccscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf685r etsiscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf615r fccscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf680r etsiscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf610r fccscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf685r aribscope:ltversion:4.2

Trust: 1.0

vendor:シーメンスmodel:simatic reader rf650r aribscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf650r etsiscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf685r etsiscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf615r fccscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf610r etsiscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf610r fccscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf650r fccscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic rf1140rscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic rf1170rscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic rf360rscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf615r etsiscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf680r aribscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf685r aribscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf615r cmiitscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf680r cmiitscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf680r etsiscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf685r fccscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf650r cmiitscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf680r fccscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf685r cmiitscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic rf166cscope:ltversion:v2.2

Trust: 0.6

vendor:siemensmodel:simatic rf185cscope:ltversion:v2.2

Trust: 0.6

vendor:siemensmodel:simatic rf186cscope:ltversion:v2.2

Trust: 0.6

vendor:siemensmodel:simatic rf186ciscope:ltversion:v2.2

Trust: 0.6

vendor:siemensmodel:simatic rf188cscope:ltversion:v2.2

Trust: 0.6

vendor:siemensmodel:simatic rf188ciscope:ltversion:v2.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf610r cmiitscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf610r etsiscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf610r fccscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf615r cmiitscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf615r etsiscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf615r fccscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf650r aribscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf650r cmiitscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf650r etsiscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf650r fccscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf680r aribscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf680r cmiitscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf680r etsiscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf680r fccscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf685r aribscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf685r cmiitscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf685r etsiscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf685r fccscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic rf1140rscope:ltversion:v1.1

Trust: 0.6

vendor:siemensmodel:simatic rf1170rscope:ltversion:v1.1

Trust: 0.6

vendor:siemensmodel:simatic rf360rscope:ltversion:v2.2

Trust: 0.6

sources: CNVD: CNVD-2024-38010 // JVNDB: JVNDB-2024-008405 // NVD: CVE-2024-37991

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-37991
value: MEDIUM

Trust: 1.0

productcert@siemens.com: CVE-2024-37991
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-37991
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2024-38010
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-38010
severity: MEDIUM
baseScore: 5.4
vectorString: AV:N/AC:H/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-37991
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

productcert@siemens.com: CVE-2024-37991
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.6
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2024-37991
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-38010 // JVNDB: JVNDB-2024-008405 // NVD: CVE-2024-37991 // NVD: CVE-2024-37991

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.0

problemtype:CWE-306

Trust: 1.0

problemtype:information leak (CWE-200) [ others ]

Trust: 0.8

problemtype: Lack of authentication for critical features (CWE-306) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-008405 // NVD: CVE-2024-37991

PATCH

title:Patch for Siemens SIMATIC RFID Readers Information Disclosure Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/590351

Trust: 0.6

sources: CNVD: CNVD-2024-38010

EXTERNAL IDS

db:NVDid:CVE-2024-37991

Trust: 3.2

db:SIEMENSid:SSA-765405

Trust: 2.4

db:JVNid:JVNVU90825867

Trust: 0.8

db:ICS CERTid:ICSA-24-256-07

Trust: 0.8

db:JVNDBid:JVNDB-2024-008405

Trust: 0.8

db:CNVDid:CNVD-2024-38010

Trust: 0.6

sources: CNVD: CNVD-2024-38010 // JVNDB: JVNDB-2024-008405 // NVD: CVE-2024-37991

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-765405.html

Trust: 2.4

url:https://jvn.jp/vu/jvnvu90825867/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-37991

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-07

Trust: 0.8

sources: CNVD: CNVD-2024-38010 // JVNDB: JVNDB-2024-008405 // NVD: CVE-2024-37991

SOURCES

db:CNVDid:CNVD-2024-38010
db:JVNDBid:JVNDB-2024-008405
db:NVDid:CVE-2024-37991

LAST UPDATE DATE

2024-09-20T21:26:56.827000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2024-38010date:2024-09-12T00:00:00
db:JVNDBid:JVNDB-2024-008405date:2024-09-19T06:57:00
db:NVDid:CVE-2024-37991date:2024-09-18T15:29:44.390

SOURCES RELEASE DATE

db:CNVDid:CNVD-2024-38010date:2024-09-13T00:00:00
db:JVNDBid:JVNDB-2024-008405date:2024-09-19T00:00:00
db:NVDid:CVE-2024-37991date:2024-09-10T10:15:10.600