Multiple vulnerabilities in Siemens SIMATIC RFID Readers



Published: 2024-09-11
Risk Medium
Patch available YES
Number of vulnerabilities 6
CVE-ID CVE-2024-37990
CVE-2024-37991
CVE-2024-37992
CVE-2024-37993
CVE-2024-37994
CVE-2024-37995
CWE-ID CWE-912
CWE-200
CWE-703
CWE-284
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
SIMATIC RF166C
Server applications / SCADA systems

SIMATIC RF185C
Hardware solutions / Routers & switches, VoIP, GSM, etc

SIMATIC RF186C
Hardware solutions / Routers & switches, VoIP, GSM, etc

SIMATIC RF186CI
Hardware solutions / Routers & switches, VoIP, GSM, etc

SIMATIC RF188C
Hardware solutions / Routers & switches, VoIP, GSM, etc

SIMATIC RF188CI
Hardware solutions / Routers & switches, VoIP, GSM, etc

SIMATIC Reader RF610R CMIIT
Hardware solutions / Firmware

SIMATIC Reader RF610R ETSI
Hardware solutions / Firmware

SIMATIC Reader RF610R FCC
Hardware solutions / Firmware

SIMATIC Reader RF615R CMIIT
Hardware solutions / Firmware

SIMATIC Reader RF615R ETSI
Hardware solutions / Firmware

SIMATIC Reader RF615R FCC
Hardware solutions / Firmware

SIMATIC Reader RF650R ARIB
Hardware solutions / Firmware

SIMATIC Reader RF650R CMIIT
Hardware solutions / Firmware

SIMATIC Reader RF650R ETSI
Hardware solutions / Firmware

SIMATIC Reader RF650R FCC
Hardware solutions / Firmware

SIMATIC Reader RF680R ARIB
Hardware solutions / Firmware

SIMATIC Reader RF680R CMIIT
Hardware solutions / Firmware

SIMATIC Reader RF680R ETSI
Hardware solutions / Firmware

SIMATIC Reader RF680R FCC
Hardware solutions / Firmware

SIMATIC Reader RF685R ARIB
Hardware solutions / Firmware

SIMATIC Reader RF685R CMIIT
Hardware solutions / Firmware

SIMATIC Reader RF685R ETSI
Hardware solutions / Firmware

SIMATIC Reader RF685R FCC
Hardware solutions / Firmware

SIMATIC RF1140R
Hardware solutions / Firmware

SIMATIC RF1170R
Hardware solutions / Firmware

SIMATIC RF360R
Hardware solutions / Firmware

Vendor

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Hidden functionality

EUVDB-ID: #VU97148

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-37990

CWE-ID: CWE-912 - Hidden Functionality (Backdoor)

Exploit availability: No

Description

The vulnerability allows a remote user to compromise vulnerable system

The vulnerability exists due to the affected applications contain configuration files which can be modified. A remote administrator can modify these files and enable features that are not released for this device.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SIMATIC RF166C: before 2.2

SIMATIC RF185C: before 2.2

SIMATIC RF186C: before 2.2

SIMATIC RF186CI: before 2.2

SIMATIC RF188C: before 2.2

SIMATIC RF188CI: before 2.2

SIMATIC Reader RF610R CMIIT: before 4.2

SIMATIC Reader RF610R ETSI: before 4.2

SIMATIC Reader RF610R FCC: before 4.2

SIMATIC Reader RF615R CMIIT: before 4.2

SIMATIC Reader RF615R ETSI: before 4.2

SIMATIC Reader RF615R FCC: before 4.2

SIMATIC Reader RF650R ARIB: before 4.2

SIMATIC Reader RF650R CMIIT: before 4.2

SIMATIC Reader RF650R ETSI: before 4.2

SIMATIC Reader RF650R FCC: before 4.2

SIMATIC Reader RF680R ARIB: before 4.2

SIMATIC Reader RF680R CMIIT: before 4.2

SIMATIC Reader RF680R ETSI: before 4.2

SIMATIC Reader RF680R FCC: before 4.2

SIMATIC Reader RF685R ARIB: before 4.2

SIMATIC Reader RF685R CMIIT: before 4.2

SIMATIC Reader RF685R ETSI: before 4.2

SIMATIC Reader RF685R FCC: before 4.2

SIMATIC RF1140R: before 1.1

SIMATIC RF1170R: before 1.1

SIMATIC RF360R: before 2.2

CPE2.3
External links

http://cert-portal.siemens.com/productcert/html/ssa-765405.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information disclosure

EUVDB-ID: #VU97149

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-37991

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the service log files of the affected application can be accessed without proper authentication. A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SIMATIC RF166C: before 2.2

SIMATIC RF185C: before 2.2

SIMATIC RF186C: before 2.2

SIMATIC RF186CI: before 2.2

SIMATIC RF188C: before 2.2

SIMATIC RF188CI: before 2.2

SIMATIC Reader RF610R CMIIT: before 4.2

SIMATIC Reader RF610R ETSI: before 4.2

SIMATIC Reader RF610R FCC: before 4.2

SIMATIC Reader RF615R CMIIT: before 4.2

SIMATIC Reader RF615R ETSI: before 4.2

SIMATIC Reader RF615R FCC: before 4.2

SIMATIC Reader RF650R ARIB: before 4.2

SIMATIC Reader RF650R CMIIT: before 4.2

SIMATIC Reader RF650R ETSI: before 4.2

SIMATIC Reader RF650R FCC: before 4.2

SIMATIC Reader RF680R ARIB: before 4.2

SIMATIC Reader RF680R CMIIT: before 4.2

SIMATIC Reader RF680R ETSI: before 4.2

SIMATIC Reader RF680R FCC: before 4.2

SIMATIC Reader RF685R ARIB: before 4.2

SIMATIC Reader RF685R CMIIT: before 4.2

SIMATIC Reader RF685R ETSI: before 4.2

SIMATIC Reader RF685R FCC: before 4.2

SIMATIC RF1140R: before 1.1

SIMATIC RF1170R: before 1.1

SIMATIC RF360R: before 2.2

CPE2.3
External links

http://cert-portal.siemens.com/productcert/html/ssa-765405.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper Check or Handling of Exceptional Conditions

EUVDB-ID: #VU97151

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-37992

CWE-ID: CWE-703 - Improper Check or Handling of Exceptional Conditions

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to the affected devices does not properly handle the error in case of exceeding characters while setting SNMP. A remote administrator can restart the target application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SIMATIC RF166C: before 2.2

SIMATIC RF185C: before 2.2

SIMATIC RF186C: before 2.2

SIMATIC RF186CI: before 2.2

SIMATIC RF188C: before 2.2

SIMATIC RF188CI: before 2.2

SIMATIC Reader RF610R CMIIT: before 4.2

SIMATIC Reader RF610R ETSI: before 4.2

SIMATIC Reader RF610R FCC: before 4.2

SIMATIC Reader RF615R CMIIT: before 4.2

SIMATIC Reader RF615R ETSI: before 4.2

SIMATIC Reader RF615R FCC: before 4.2

SIMATIC Reader RF650R ARIB: before 4.2

SIMATIC Reader RF650R CMIIT: before 4.2

SIMATIC Reader RF650R ETSI: before 4.2

SIMATIC Reader RF650R FCC: before 4.2

SIMATIC Reader RF680R ARIB: before 4.2

SIMATIC Reader RF680R CMIIT: before 4.2

SIMATIC Reader RF680R ETSI: before 4.2

SIMATIC Reader RF680R FCC: before 4.2

SIMATIC Reader RF685R ARIB: before 4.2

SIMATIC Reader RF685R CMIIT: before 4.2

SIMATIC Reader RF685R ETSI: before 4.2

SIMATIC Reader RF685R FCC: before 4.2

SIMATIC RF1140R: before 1.1

SIMATIC RF1170R: before 1.1

SIMATIC RF360R: before 2.2

CPE2.3
External links

http://cert-portal.siemens.com/productcert/html/ssa-765405.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper access control

EUVDB-ID: #VU97152

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-37993

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to the affected applications do not authenticated the creation of Ajax2App instances. A remote attacker can bypass implemented security restrictions and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SIMATIC RF166C: before 2.2

SIMATIC RF185C: before 2.2

SIMATIC RF186C: before 2.2

SIMATIC RF186CI: before 2.2

SIMATIC RF188C: before 2.2

SIMATIC RF188CI: before 2.2

SIMATIC Reader RF610R CMIIT: before 4.2

SIMATIC Reader RF610R ETSI: before 4.2

SIMATIC Reader RF610R FCC: before 4.2

SIMATIC Reader RF615R CMIIT: before 4.2

SIMATIC Reader RF615R ETSI: before 4.2

SIMATIC Reader RF615R FCC: before 4.2

SIMATIC Reader RF650R ARIB: before 4.2

SIMATIC Reader RF650R CMIIT: before 4.2

SIMATIC Reader RF650R ETSI: before 4.2

SIMATIC Reader RF650R FCC: before 4.2

SIMATIC Reader RF680R ARIB: before 4.2

SIMATIC Reader RF680R CMIIT: before 4.2

SIMATIC Reader RF680R ETSI: before 4.2

SIMATIC Reader RF680R FCC: before 4.2

SIMATIC Reader RF685R ARIB: before 4.2

SIMATIC Reader RF685R CMIIT: before 4.2

SIMATIC Reader RF685R ETSI: before 4.2

SIMATIC Reader RF685R FCC: before 4.2

SIMATIC RF1140R: before 1.1

SIMATIC RF1170R: before 1.1

SIMATIC RF360R: before 2.2

CPE2.3
External links

http://cert-portal.siemens.com/productcert/html/ssa-765405.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Hidden functionality

EUVDB-ID: #VU97159

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-37994

CWE-ID: CWE-912 - Hidden Functionality (Backdoor)

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system

The vulnerability exists due to the affected application contains a hidden configuration item to enable debug functionality. A remote user can insight into the internal configuration of the deployment.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SIMATIC RF166C: before 2.2

SIMATIC RF185C: before 2.2

SIMATIC RF186C: before 2.2

SIMATIC RF186CI: before 2.2

SIMATIC RF188C: before 2.2

SIMATIC RF188CI: before 2.2

SIMATIC Reader RF610R CMIIT: before 4.2

SIMATIC Reader RF610R ETSI: before 4.2

SIMATIC Reader RF610R FCC: before 4.2

SIMATIC Reader RF615R CMIIT: before 4.2

SIMATIC Reader RF615R ETSI: before 4.2

SIMATIC Reader RF615R FCC: before 4.2

SIMATIC Reader RF650R ARIB: before 4.2

SIMATIC Reader RF650R CMIIT: before 4.2

SIMATIC Reader RF650R ETSI: before 4.2

SIMATIC Reader RF650R FCC: before 4.2

SIMATIC Reader RF680R ARIB: before 4.2

SIMATIC Reader RF680R CMIIT: before 4.2

SIMATIC Reader RF680R ETSI: before 4.2

SIMATIC Reader RF680R FCC: before 4.2

SIMATIC Reader RF685R ARIB: before 4.2

SIMATIC Reader RF685R CMIIT: before 4.2

SIMATIC Reader RF685R ETSI: before 4.2

SIMATIC Reader RF685R FCC: before 4.2

SIMATIC RF1140R: before 1.1

SIMATIC RF1170R: before 1.1

SIMATIC RF360R: before 2.2

CPE2.3
External links

http://cert-portal.siemens.com/productcert/html/ssa-765405.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper Check or Handling of Exceptional Conditions

EUVDB-ID: #VU97160

Risk: Low

CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-37995

CWE-ID: CWE-703 - Improper Check or Handling of Exceptional Conditions

Exploit availability: No

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to the affected application improperly handles error while a faulty certificate upload leading to crashing of application. A remote administrator can disclose sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SIMATIC RF166C: before 2.2

SIMATIC RF185C: before 2.2

SIMATIC RF186C: before 2.2

SIMATIC RF186CI: before 2.2

SIMATIC RF188C: before 2.2

SIMATIC RF188CI: before 2.2

SIMATIC Reader RF610R CMIIT: before 4.2

SIMATIC Reader RF610R ETSI: before 4.2

SIMATIC Reader RF610R FCC: before 4.2

SIMATIC Reader RF615R CMIIT: before 4.2

SIMATIC Reader RF615R ETSI: before 4.2

SIMATIC Reader RF615R FCC: before 4.2

SIMATIC Reader RF650R ARIB: before 4.2

SIMATIC Reader RF650R CMIIT: before 4.2

SIMATIC Reader RF650R ETSI: before 4.2

SIMATIC Reader RF650R FCC: before 4.2

SIMATIC Reader RF680R ARIB: before 4.2

SIMATIC Reader RF680R CMIIT: before 4.2

SIMATIC Reader RF680R ETSI: before 4.2

SIMATIC Reader RF680R FCC: before 4.2

SIMATIC Reader RF685R ARIB: before 4.2

SIMATIC Reader RF685R CMIIT: before 4.2

SIMATIC Reader RF685R ETSI: before 4.2

SIMATIC Reader RF685R FCC: before 4.2

SIMATIC RF1140R: before 1.1

SIMATIC RF1170R: before 1.1

SIMATIC RF360R: before 2.2

CPE2.3
External links

http://cert-portal.siemens.com/productcert/html/ssa-765405.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###