FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial
FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial

CVE-2024-37991

Exposure of Sensitive Information to an Unauthorized Actor (CWE-200)

Published: Sep 10, 2024 / Updated: 2mo ago

010
CVSS 6EPSS 0.04%Medium
CVE info copied to clipboard

Summary

A vulnerability has been identified in multiple SIMATIC Reader RF models and SIMATIC RF models. The service log files of the affected application can be accessed without proper authentication. This could allow an unauthenticated attacker to get access to sensitive information.

Impact

This vulnerability could lead to unauthorized access to sensitive information stored in service log files. An attacker could potentially use this information for further attacks or to gain insights into the system's configuration and operations. The confidentiality impact is rated as HIGH, while integrity and availability are not directly affected.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch is available. Siemens has released updates to address this vulnerability. Users should upgrade to version 4.2 or later for SIMATIC Reader RF models, version 2.2 or later for SIMATIC RF360R and RF166C/185C/186C/188C models, and version 1.1 or later for SIMATIC RF1140R and RF1170R models.

Mitigation

1. Update all affected SIMATIC Reader RF and SIMATIC RF models to the latest firmware versions as provided by Siemens. 2. If immediate updating is not possible, implement network segmentation and restrict access to the affected devices. 3. Monitor and audit access to service log files. 4. Implement strong authentication mechanisms for accessing system logs and sensitive information. 5. Follow the principle of least privilege for user accounts and system access. 6. Regularly review and update security configurations for all SIMATIC devices.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

CVE Assignment

NVD published the first details for CVE-2024-37991

Sep 10, 2024 at 10:15 AM
CVSS

A CVSS base score of 5.3 has been assigned.

Sep 10, 2024 at 10:21 AM / nvd
First Article

Feedly found the first article mentioning CVE-2024-37991. See article

Sep 10, 2024 at 10:21 AM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Sep 10, 2024 at 10:21 AM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.6%)

Sep 11, 2024 at 10:12 AM
CVSS

A CVSS base score of 6.5 has been assigned.

Sep 18, 2024 at 3:30 PM / nvd
Static CVE Timeline Graph

Affected Systems

Siemens/simatic_rf188ci_firmware
+null more

Patches

cert-portal.siemens.com
+null more

Links to Mitre Att&cks

T1562.003: Impair Command History Logging
+null more

Attack Patterns

CAPEC-116: Excavation
+null more

News

Siemens SIMATIC RFID Readers
Cybersecurity and Infrastructure Security Agency CISA / 2mo
Vulnerabilities : Hidden Functionality, Exposure of Sensitive Information to an Unauthorized Actor, Improper Check or Handling of Exceptional Conditions, Improper Access Control As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory.
Multiple vulnerabilities in Siemens SIMATIC RFID Readers
Security feed from CyberSecurity Help / 2mo
The vulnerability allows a remote attacker to gain access to potentially sensitive information. The vulnerability exists due to the service log files of the affected application can be accessed without proper authentication.
NA - CVE-2024-37991 - A vulnerability has been identified in SIMATIC...
Security-Database Alerts Monitor : Last 100 Alerts / 2mo
A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader...
CVE-2024-37991
Newest CVEs from Tenable / 2mo
Medium Severity Description A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions Read more at https://www.tenable.com/cve/CVE-2024-37991
CVE-2024-37991 | Siemens SIMATIC Reader RF610R CMIIT up to 4.1 The Service information disclosure (ssa-765405)
VulDB Recent Entries / 2mo
A vulnerability has been found in Siemens SIMATIC Reader RF610R CMIIT, SIMATIC Reader RF610R ETSI, SIMATIC Reader RF610R FCC, SIMATIC Reader RF615R CMIIT, SIMATIC Reader RF615R ETSI, SIMATIC Reader RF615R FCC, SIMATIC Reader RF650R ARIB, SIMATIC Reader RF650R CMIIT, SIMATIC Reader RF650R ETSI, SIMATIC Reader RF650R FCC, SIMATIC Reader RF680R ARIB, SIMATIC Reader RF680R CMIIT, SIMATIC Reader RF680R ETSI, SIMATIC Reader RF680R FCC, SIMATIC Reader RF685R ARIB, SIMATIC Reader RF685R CMIIT, SIMATIC Reader RF685R ETSI, SIMATIC Reader RF685R FCC, SIMATIC RF1140R, SIMATIC RF1170R, SIMATIC RF166C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF186CI, SIMATIC RF188C, SIMATIC RF188CI and SIMATIC RF360R up to 4.1 and classified as problematic . This vulnerability affects unknown code of the component The Service . The manipulation leads to information disclosure. This vulnerability was named CVE-2024-37991 . The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
See 6 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:None
User Interaction:Required
Scope:Unchanged
Confidentiality:High
Integrity:None
Availability Impact:None

Categories

CVSS 6.5(29816)CWE-200(8807)CWE-306(1267)Siemens(1918)

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI

Feedly Threat Intelligence30-day free trial