Sign-up

ID

VAR-202409-0243


CVE

CVE-2024-37990


TITLE

Vulnerabilities in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2024-008600

DESCRIPTION

A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected applications contain configuration files which can be modified. An attacker with privilege access can modify these files and enable features that are not released for this device. SIMATIC RF360R firmware, simatic rf1170r firmware, simatic rf1140r Multiple Siemens products such as firmware have unspecified vulnerabilities.Information is tampered with and service operation is interrupted (DoS) It may be in a state. SIMATIC RF600 Readers are used for contactless identification of various objects, such as transport containers, pallets, production goods or generally for recording bulk goods. SIMATIC RF1100 is an RFID-based solution for simple and universal electronic authorization management. The SIMATIC RF360R reader expands the SIMATIC RFID300 RFID system with a compact reader with an integrated Industrial Ethernet interface

Trust: 2.16

sources: NVD: CVE-2024-37990 // JVNDB: JVNDB-2024-008600 // CNVD: CNVD-2024-38011

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-38011

AFFECTED PRODUCTS

vendor:siemensmodel:simatic rf166cscope:ltversion:2.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf650r fccscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf685r fccscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf685r cmiitscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf680r cmiitscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf650r aribscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic rf1170rscope:ltversion:1.1

Trust: 1.0

vendor:siemensmodel:simatic reader rf615r cmiitscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic rf188ciscope:ltversion:2.2

Trust: 1.0

vendor:siemensmodel:simatic rf1140rscope:ltversion:1.1

Trust: 1.0

vendor:siemensmodel:simatic rf188cscope:ltversion:2.2

Trust: 1.0

vendor:siemensmodel:simatic rf186ciscope:ltversion:2.2

Trust: 1.0

vendor:siemensmodel:simatic rf186cscope:ltversion:2.2

Trust: 1.0

vendor:siemensmodel:simatic rf185cscope:ltversion:2.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf680r aribscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf650r etsiscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf610r etsiscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf650r cmiitscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic rf360rscope:ltversion:2.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf615r etsiscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf610r cmiitscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf680r fccscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf685r etsiscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf615r fccscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf680r etsiscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf610r fccscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf685r aribscope:ltversion:4.2

Trust: 1.0

vendor:シーメンスmodel:simatic reader rf650r cmiitscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic rf360rscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf685r cmiitscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf680r cmiitscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf615r cmiitscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf615r fccscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf610r fccscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf610r etsiscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf685r aribscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf685r fccscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf680r aribscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic rf1170rscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf650r etsiscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf615r etsiscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf650r aribscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf680r etsiscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf680r fccscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf685r etsiscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic rf1140rscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf650r fccscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic rf166cscope:ltversion:v2.2

Trust: 0.6

vendor:siemensmodel:simatic rf185cscope:ltversion:v2.2

Trust: 0.6

vendor:siemensmodel:simatic rf186cscope:ltversion:v2.2

Trust: 0.6

vendor:siemensmodel:simatic rf186ciscope:ltversion:v2.2

Trust: 0.6

vendor:siemensmodel:simatic rf188cscope:ltversion:v2.2

Trust: 0.6

vendor:siemensmodel:simatic rf188ciscope:ltversion:v2.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf610r cmiitscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf610r etsiscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf610r fccscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf615r cmiitscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf615r etsiscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf615r fccscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf650r aribscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf650r cmiitscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf650r etsiscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf650r fccscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf680r aribscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf680r cmiitscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf680r etsiscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf680r fccscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf685r aribscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf685r cmiitscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf685r etsiscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf685r fccscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic rf1140rscope:ltversion:v1.1

Trust: 0.6

vendor:siemensmodel:simatic rf1170rscope:ltversion:v1.1

Trust: 0.6

vendor:siemensmodel:simatic rf360rscope:ltversion:v2.2

Trust: 0.6

sources: CNVD: CNVD-2024-38011 // JVNDB: JVNDB-2024-008600 // NVD: CVE-2024-37990

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-37990
value: MEDIUM

Trust: 1.0

productcert@siemens.com: CVE-2024-37990
value: HIGH

Trust: 1.0

NVD: CVE-2024-37990
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2024-38011
value: HIGH

Trust: 0.6

CNVD: CNVD-2024-38011
severity: HIGH
baseScore: 7.7
vectorString: AV:N/AC:L/AU:M/C:N/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.4
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-37990
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.2
version: 3.1

Trust: 2.0

NVD: CVE-2024-37990
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-38011 // JVNDB: JVNDB-2024-008600 // NVD: CVE-2024-37990 // NVD: CVE-2024-37990

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-912

Trust: 1.0

problemtype:Unpublished features (CWE-912) [ others ]

Trust: 0.8

problemtype: others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-008600 // NVD: CVE-2024-37990

PATCH

title:Patch for Siemens SIMATIC RFID Readers Hidden Function Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/590346

Trust: 0.6

sources: CNVD: CNVD-2024-38011

EXTERNAL IDS

db:NVDid:CVE-2024-37990

Trust: 3.2

db:SIEMENSid:SSA-765405

Trust: 2.4

db:JVNid:JVNVU90825867

Trust: 0.8

db:ICS CERTid:ICSA-24-256-07

Trust: 0.8

db:JVNDBid:JVNDB-2024-008600

Trust: 0.8

db:CNVDid:CNVD-2024-38011

Trust: 0.6

sources: CNVD: CNVD-2024-38011 // JVNDB: JVNDB-2024-008600 // NVD: CVE-2024-37990

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-765405.html

Trust: 2.4

url:https://jvn.jp/vu/jvnvu90825867/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-37990

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-07

Trust: 0.8

sources: CNVD: CNVD-2024-38011 // JVNDB: JVNDB-2024-008600 // NVD: CVE-2024-37990

SOURCES

db:CNVDid:CNVD-2024-38011
db:JVNDBid:JVNDB-2024-008600
db:NVDid:CVE-2024-37990

LAST UPDATE DATE

2024-09-21T20:02:08.927000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2024-38011date:2024-09-12T00:00:00
db:JVNDBid:JVNDB-2024-008600date:2024-09-20T05:34:00
db:NVDid:CVE-2024-37990date:2024-09-18T15:27:53.563

SOURCES RELEASE DATE

db:CNVDid:CNVD-2024-38011date:2024-09-13T00:00:00
db:JVNDBid:JVNDB-2024-008600date:2024-09-20T00:00:00
db:NVDid:CVE-2024-37990date:2024-09-10T10:15:10.227