Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveSiemensCVE-2024-37995
HistorySep 10, 2024 - 10:15 a.m.

CVE-2024-37995

2024-09-1010:15:11
CWE-703
siemens
web.nvd.nist.gov
23
simatic
rfid
readers
vulnerability
certificate upload
sensitive information
disclosure

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CVSS4

2.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/SC:N/VI:N/SI:N/VA:L/SA:N

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

32.8%

JSON

A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected application improperly handles error while a faulty certificate upload leading to crashing of application. This vulnerability could allow an attacker to disclose sensitive information.

Affected configurations

Nvd
Node
siemenssimatic_rf360r_firmwareRange<2.2
AND
siemenssimatic_rf360rMatch-
Node
siemenssimatic_rf1170r_firmwareRange<1.1
AND
siemenssimatic_rf1170rMatch-
Node
siemenssimatic_rf1140r_firmwareRange<1.1
AND
siemenssimatic_rf1140rMatch-
Node
siemenssimatic_reader_rf685r_fcc_firmwareRange<4.2
AND
siemenssimatic_reader_rf685r_fccMatch-
Node
siemenssimatic_reader_rf685r_etsi_firmwareRange<4.2
AND
siemenssimatic_reader_rf685r_etsiMatch-
Node
siemenssimatic_reader_rf685r_cmiit_firmwareRange<4.2
AND
siemenssimatic_reader_rf685r_cmiitMatch-
Node
siemenssimatic_reader_rf685r_arib_firmwareRange<4.2
AND
siemenssimatic_reader_rf685r_aribMatch-
Node
siemenssimatic_reader_rf680r_fcc_firmwareRange<4.2
AND
siemenssimatic_reader_rf680r_fccMatch-
Node
siemenssimatic_reader_rf680r_etsi_firmwareRange<4.2
AND
siemenssimatic_reader_rf680r_etsiMatch-
Node
siemenssimatic_reader_rf680r_cmiit_firmwareRange<4.2
AND
siemenssimatic_reader_rf680r_cmiitMatch-
Node
siemenssimatic_reader_rf680r_arib_firmwareRange<4.2
AND
siemenssimatic_reader_rf680r_aribMatch-
Node
siemenssimatic_reader_rf650r_fcc_firmwareRange<4.2
AND
siemenssimatic_reader_rf650r_fccMatch-
Node
siemenssimatic_reader_rf650r_etsi_firmwareRange<4.2
AND
siemenssimatic_reader_rf650r_etsiMatch-
Node
siemenssimatic_reader_rf650r_cmiit_firmwareRange<4.2
AND
siemenssimatic_reader_rf650r_cmiitMatch-
Node
siemenssimatic_reader_rf650r_arib_firmwareRange<4.2
AND
siemenssimatic_reader_rf650r_aribMatch-
Node
siemenssimatic_reader_rf615r_fcc_firmwareRange<4.2
AND
siemenssimatic_reader_rf615r_fccMatch-
Node
siemenssimatic_reader_rf615r_etsi_firmwareRange<4.2
AND
siemenssimatic_reader_rf615r_etsiMatch-
Node
siemenssimatic_reader_rf615r_cmiit_firmwareRange<4.2
AND
siemenssimatic_reader_rf615r_cmiitMatch-
Node
siemenssimatic_reader_rf610r_fcc_firmwareRange<4.2
AND
siemenssimatic_reader_rf610r_fccMatch-
Node
siemenssimatic_reader_rf610r_etsi_firmwareRange<4.2
AND
siemenssimatic_reader_rf610r_etsiMatch-
Node
siemenssimatic_reader_rf610r_cmiit_firmwareRange<4.2
AND
siemenssimatic_reader_rf610r_cmiitMatch-
Node
siemenssimatic_rf188ci_firmwareRange<2.2
AND
siemenssimatic_rf188ciMatch-
Node
siemenssimatic_rf188c_firmwareRange<2.2
AND
siemenssimatic_rf188cMatch-
Node
siemenssimatic_rf186ci_firmwareRange<2.2
AND
siemenssimatic_rf186ciMatch-
Node
siemenssimatic_rf186c_firmwareRange<2.2
AND
siemenssimatic_rf186cMatch-
Node
siemenssimatic_rf185c_firmwareRange<2.2
AND
siemenssimatic_rf185cMatch-
Node
siemenssimatic_rf166c_firmwareRange<2.2
AND
siemenssimatic_rf166cMatch-
VendorProductVersionCPE
siemenssimatic_rf360r_firmware*cpe:2.3:o:siemens:simatic_rf360r_firmware:*:*:*:*:*:*:*:*
siemenssimatic_rf360r-cpe:2.3:h:siemens:simatic_rf360r:-:*:*:*:*:*:*:*
siemenssimatic_rf1170r_firmware*cpe:2.3:o:siemens:simatic_rf1170r_firmware:*:*:*:*:*:*:*:*
siemenssimatic_rf1170r-cpe:2.3:h:siemens:simatic_rf1170r:-:*:*:*:*:*:*:*
siemenssimatic_rf1140r_firmware*cpe:2.3:o:siemens:simatic_rf1140r_firmware:*:*:*:*:*:*:*:*
siemenssimatic_rf1140r-cpe:2.3:h:siemens:simatic_rf1140r:-:*:*:*:*:*:*:*
siemenssimatic_reader_rf685r_fcc_firmware*cpe:2.3:o:siemens:simatic_reader_rf685r_fcc_firmware:*:*:*:*:*:*:*:*
siemenssimatic_reader_rf685r_fcc-cpe:2.3:h:siemens:simatic_reader_rf685r_fcc:-:*:*:*:*:*:*:*
siemenssimatic_reader_rf685r_etsi_firmware*cpe:2.3:o:siemens:simatic_reader_rf685r_etsi_firmware:*:*:*:*:*:*:*:*
siemenssimatic_reader_rf685r_etsi-cpe:2.3:h:siemens:simatic_reader_rf685r_etsi:-:*:*:*:*:*:*:*
Rows per page:
1-10 of 541

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "SIMATIC Reader RF610R CMIIT",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V4.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC Reader RF610R ETSI",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V4.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC Reader RF610R FCC",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V4.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC Reader RF615R CMIIT",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V4.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC Reader RF615R ETSI",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V4.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC Reader RF615R FCC",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V4.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC Reader RF650R ARIB",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V4.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC Reader RF650R CMIIT",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V4.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC Reader RF650R ETSI",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V4.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC Reader RF650R FCC",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V4.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC Reader RF680R ARIB",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V4.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC Reader RF680R CMIIT",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V4.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC Reader RF680R ETSI",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V4.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC Reader RF680R FCC",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V4.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC Reader RF685R ARIB",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V4.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC Reader RF685R CMIIT",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V4.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC Reader RF685R ETSI",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V4.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC Reader RF685R FCC",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V4.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC RF1140R",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V1.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC RF1170R",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V1.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC RF166C",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC RF185C",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC RF186C",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC RF186CI",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC RF188C",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC RF188CI",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC RF360R",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Related

nvd 1
cvelist 1
vulnrichment 1
ics 1
nvd
nvd
CVE-2024-37995
2024-09-10 10:15:11
cvelist
cvelist
CVE-2024-37995
2024-09-10 09:36:42
vulnrichment
vulnrichment
CVE-2024-37995
2024-09-10 09:36:42
ics
ics
Siemens SIMATIC RFID Readers
2024-09-12 12:00:00

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CVSS4

2.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/SC:N/VI:N/SI:N/VA:L/SA:N

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

32.8%

JSON
Related for CVE-2024-37995
nvd1cvelist1vulnrichment1ics1