CVE-2024-37995

LOW
Published Sep 10, 2024 Modified Sep 18, 2024 CWE-703

Description

A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected application improperly handles error while a faulty certificate upload leading to crashing of application. This vulnerability could allow an attacker to disclose sensitive information.

CVSS v3.1 Score

2.7
LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Weakness Type (CWE)

CWE-703 CWE-703

Affected Products

Vendor Product
siemens simatic_rf360r_firmware
siemens simatic_rf360r
siemens simatic_rf1170r_firmware
siemens simatic_rf1170r
siemens simatic_rf1140r_firmware
siemens simatic_rf1140r
siemens simatic_reader_rf685r_fcc_firmware
siemens simatic_reader_rf685r_fcc
siemens simatic_reader_rf685r_etsi_firmware
siemens simatic_reader_rf685r_etsi
siemens simatic_reader_rf685r_cmiit_firmware
siemens simatic_reader_rf685r_cmiit
siemens simatic_reader_rf685r_arib_firmware
siemens simatic_reader_rf685r_arib
siemens simatic_reader_rf680r_fcc_firmware
siemens simatic_reader_rf680r_fcc
siemens simatic_reader_rf680r_etsi_firmware
siemens simatic_reader_rf680r_etsi
siemens simatic_reader_rf680r_cmiit_firmware
siemens simatic_reader_rf680r_cmiit
siemens simatic_reader_rf680r_arib_firmware
siemens simatic_reader_rf680r_arib
siemens simatic_reader_rf650r_fcc_firmware
siemens simatic_reader_rf650r_fcc
siemens simatic_reader_rf650r_etsi_firmware
siemens simatic_reader_rf650r_etsi
siemens simatic_reader_rf650r_cmiit_firmware
siemens simatic_reader_rf650r_cmiit
siemens simatic_reader_rf650r_arib_firmware
siemens simatic_reader_rf650r_arib
siemens simatic_reader_rf615r_fcc_firmware
siemens simatic_reader_rf615r_fcc
siemens simatic_reader_rf615r_etsi_firmware
siemens simatic_reader_rf615r_etsi
siemens simatic_reader_rf615r_cmiit_firmware
siemens simatic_reader_rf615r_cmiit
siemens simatic_reader_rf610r_fcc_firmware
siemens simatic_reader_rf610r_fcc
siemens simatic_reader_rf610r_etsi_firmware
siemens simatic_reader_rf610r_etsi
siemens simatic_reader_rf610r_cmiit_firmware
siemens simatic_reader_rf610r_cmiit
siemens simatic_rf188ci_firmware
siemens simatic_rf188ci
siemens simatic_rf188c_firmware
siemens simatic_rf188c
siemens simatic_rf186ci_firmware
siemens simatic_rf186ci
siemens simatic_rf186c_firmware
siemens simatic_rf186c
siemens simatic_rf185c_firmware
siemens simatic_rf185c
siemens simatic_rf166c_firmware
siemens simatic_rf166c

References

Frequently Asked Questions

What is CVE-2024-37995? +
A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected application improperly handles error while a faulty certificate upload leading to crashing of application. This vulnerability could allow an attacker to disclose sensitive information. It has a CVSS v3.1 base score of 2.7 (LOW).
How severe is CVE-2024-37995? +
CVE-2024-37995 has a CVSS v3.1 score of 2.7 out of 10, rated LOW. This is a low-severity vulnerability with limited impact.
What products are affected by CVE-2024-37995? +
CVE-2024-37995 affects products from siemens, specifically: simatic_reader_rf610r_cmiit, simatic_reader_rf610r_cmiit_firmware, simatic_reader_rf610r_etsi, simatic_reader_rf610r_etsi_firmware, simatic_reader_rf610r_fcc, simatic_reader_rf610r_fcc_firmware, simatic_reader_rf615r_cmiit, simatic_reader_rf615r_cmiit_firmware, simatic_reader_rf615r_etsi, simatic_reader_rf615r_etsi_firmware, simatic_reader_rf615r_fcc, simatic_reader_rf615r_fcc_firmware, simatic_reader_rf650r_arib, simatic_reader_rf650r_arib_firmware, simatic_reader_rf650r_cmiit, simatic_reader_rf650r_cmiit_firmware, simatic_reader_rf650r_etsi, simatic_reader_rf650r_etsi_firmware, simatic_reader_rf650r_fcc, simatic_reader_rf650r_fcc_firmware, simatic_reader_rf680r_arib, simatic_reader_rf680r_arib_firmware, simatic_reader_rf680r_cmiit, simatic_reader_rf680r_cmiit_firmware, simatic_reader_rf680r_etsi, simatic_reader_rf680r_etsi_firmware, simatic_reader_rf680r_fcc, simatic_reader_rf680r_fcc_firmware, simatic_reader_rf685r_arib, simatic_reader_rf685r_arib_firmware, simatic_reader_rf685r_cmiit, simatic_reader_rf685r_cmiit_firmware, simatic_reader_rf685r_etsi, simatic_reader_rf685r_etsi_firmware, simatic_reader_rf685r_fcc, simatic_reader_rf685r_fcc_firmware, simatic_rf1140r, simatic_rf1140r_firmware, simatic_rf1170r, simatic_rf1170r_firmware, simatic_rf166c, simatic_rf166c_firmware, simatic_rf185c, simatic_rf185c_firmware, simatic_rf186c, simatic_rf186c_firmware, simatic_rf186ci, simatic_rf186ci_firmware, simatic_rf188c, simatic_rf188c_firmware, simatic_rf188ci, simatic_rf188ci_firmware, simatic_rf360r, simatic_rf360r_firmware. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2024-37995? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2024-37995 — free, no signup required.

Start Free Scan