Sign-up

ID

VAR-202409-0244


CVE

CVE-2024-37995


TITLE

Vulnerabilities in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2024-008416

DESCRIPTION

A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected application improperly handles error while a faulty certificate upload leading to crashing of application. This vulnerability could allow an attacker to disclose sensitive information. SIMATIC RF360R firmware, simatic rf1170r firmware, simatic rf1140r Multiple Siemens products such as firmware have unspecified vulnerabilities.Information is obtained and service operation is interrupted (DoS) It may be in a state. SIMATIC RF600 Readers are used for contactless identification of various objects, such as transport containers, pallets, production goods or generally for recording bulk goods. SIMATIC RF1100 is an RFID-based solution for simple and universal electronic authorization management. The SIMATIC RF360R reader expands the SIMATIC RFID300 RFID system with a compact reader with an integrated Industrial Ethernet interface

Trust: 2.16

sources: NVD: CVE-2024-37995 // JVNDB: JVNDB-2024-008416 // CNVD: CNVD-2024-38006

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-38006

AFFECTED PRODUCTS

vendor:siemensmodel:simatic rf166cscope:ltversion:2.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf650r fccscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf685r fccscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf685r cmiitscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf680r cmiitscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf650r aribscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic rf1170rscope:ltversion:1.1

Trust: 1.0

vendor:siemensmodel:simatic reader rf615r cmiitscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic rf188ciscope:ltversion:2.2

Trust: 1.0

vendor:siemensmodel:simatic rf1140rscope:ltversion:1.1

Trust: 1.0

vendor:siemensmodel:simatic rf188cscope:ltversion:2.2

Trust: 1.0

vendor:siemensmodel:simatic rf186ciscope:ltversion:2.2

Trust: 1.0

vendor:siemensmodel:simatic rf186cscope:ltversion:2.2

Trust: 1.0

vendor:siemensmodel:simatic rf185cscope:ltversion:2.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf680r aribscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf650r etsiscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf610r etsiscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf650r cmiitscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic rf360rscope:ltversion:2.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf615r etsiscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf610r cmiitscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf680r fccscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf685r etsiscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf615r fccscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf680r etsiscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf610r fccscope:ltversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic reader rf685r aribscope:ltversion:4.2

Trust: 1.0

vendor:シーメンスmodel:simatic reader rf650r aribscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf650r etsiscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf685r etsiscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf615r fccscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf610r etsiscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf610r fccscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf650r fccscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic rf1140rscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic rf1170rscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic rf360rscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf615r etsiscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf680r aribscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf685r aribscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf615r cmiitscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf680r cmiitscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf680r etsiscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf685r fccscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf650r cmiitscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf680r fccscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic reader rf685r cmiitscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic rf166cscope:ltversion:v2.2

Trust: 0.6

vendor:siemensmodel:simatic rf185cscope:ltversion:v2.2

Trust: 0.6

vendor:siemensmodel:simatic rf186cscope:ltversion:v2.2

Trust: 0.6

vendor:siemensmodel:simatic rf186ciscope:ltversion:v2.2

Trust: 0.6

vendor:siemensmodel:simatic rf188cscope:ltversion:v2.2

Trust: 0.6

vendor:siemensmodel:simatic rf188ciscope:ltversion:v2.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf610r cmiitscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf610r etsiscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf610r fccscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf615r cmiitscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf615r etsiscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf615r fccscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf650r aribscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf650r cmiitscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf650r etsiscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf650r fccscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf680r aribscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf680r cmiitscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf680r etsiscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf680r fccscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf685r aribscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf685r cmiitscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf685r etsiscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic reader rf685r fccscope:ltversion:v4.2

Trust: 0.6

vendor:siemensmodel:simatic rf1140rscope:ltversion:v1.1

Trust: 0.6

vendor:siemensmodel:simatic rf1170rscope:ltversion:v1.1

Trust: 0.6

vendor:siemensmodel:simatic rf360rscope:ltversion:v2.2

Trust: 0.6

sources: CNVD: CNVD-2024-38006 // JVNDB: JVNDB-2024-008416 // NVD: CVE-2024-37995

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-37995
value: CRITICAL

Trust: 1.0

productcert@siemens.com: CVE-2024-37995
value: LOW

Trust: 1.0

NVD: CVE-2024-37995
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2024-38006
value: LOW

Trust: 0.6

CNVD: CNVD-2024-38006
severity: LOW
baseScore: 3.3
vectorString: AV:N/AC:L/AU:M/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-37995
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

productcert@siemens.com: CVE-2024-37995
baseSeverity: LOW
baseScore: 2.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 1.2
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2024-37995
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-38006 // JVNDB: JVNDB-2024-008416 // NVD: CVE-2024-37995 // NVD: CVE-2024-37995

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-703

Trust: 1.0

problemtype:Improper checks or handling of exceptional circumstances (CWE-703) [ others ]

Trust: 0.8

problemtype: Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-008416 // NVD: CVE-2024-37995

PATCH

title:Patch for Siemens SIMATIC RFID Readers Improper Handling Vulnerability (CNVD-2024-38006)url:https://www.cnvd.org.cn/patchInfo/show/590371

Trust: 0.6

sources: CNVD: CNVD-2024-38006

EXTERNAL IDS

db:NVDid:CVE-2024-37995

Trust: 3.2

db:SIEMENSid:SSA-765405

Trust: 2.4

db:JVNid:JVNVU90825867

Trust: 0.8

db:ICS CERTid:ICSA-24-256-07

Trust: 0.8

db:JVNDBid:JVNDB-2024-008416

Trust: 0.8

db:CNVDid:CNVD-2024-38006

Trust: 0.6

sources: CNVD: CNVD-2024-38006 // JVNDB: JVNDB-2024-008416 // NVD: CVE-2024-37995

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-765405.html

Trust: 2.4

url:https://jvn.jp/vu/jvnvu90825867/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-37995

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-07

Trust: 0.8

sources: CNVD: CNVD-2024-38006 // JVNDB: JVNDB-2024-008416 // NVD: CVE-2024-37995

SOURCES

db:CNVDid:CNVD-2024-38006
db:JVNDBid:JVNDB-2024-008416
db:NVDid:CVE-2024-37995

LAST UPDATE DATE

2024-09-20T22:23:48.290000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2024-38006date:2024-09-12T00:00:00
db:JVNDBid:JVNDB-2024-008416date:2024-09-19T06:58:00
db:NVDid:CVE-2024-37995date:2024-09-18T15:37:15.130

SOURCES RELEASE DATE

db:CNVDid:CNVD-2024-38006date:2024-09-13T00:00:00
db:JVNDBid:JVNDB-2024-008416date:2024-09-19T00:00:00
db:NVDid:CVE-2024-37995date:2024-09-10T10:15:11.570