SSA-765405

Siemens Security Advisory by Siemens ProductCERT

SSA-765405: Multiple Vulnerabilities in SIMATIC RFID Readers

Publication Date:	2024-09-10
Last Update:	2024-09-10
Current Version:	V1.0
CVSS v3.1 Base Score:	6.5
CVSS v4.0 Base Score:	7.0

SUMMARY

SIMATIC RFID Readers contain multiple vulnerabilities that could allow an attacker to cause Denial-of-Service, exploit hidden functionality and information exposure.

Siemens has released new versions for the affected products and recommends to update to the latest versions.

AFFECTED PRODUCTS AND SOLUTION

Un-/Collapse All

Affected Product and Versions	Remediation
SIMATIC READER RF1xxC Family	Update to V2.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109974131/
SIMATIC RF166C (6GT2002-0EE20) All versions < V2.2 affected by all CVEs CVE-2024-37990 CVE-2024-37991 CVE-2024-37992 CVE-2024-37993 CVE-2024-37994 CVE-2024-37995	Update to V2.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109974131/
SIMATIC RF185C (6GT2002-0JE10) All versions < V2.2 affected by all CVEs CVE-2024-37990 CVE-2024-37991 CVE-2024-37992 CVE-2024-37993 CVE-2024-37994 CVE-2024-37995	Update to V2.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109974131/
SIMATIC RF186C (6GT2002-0JE20) All versions < V2.2 affected by all CVEs CVE-2024-37990 CVE-2024-37991 CVE-2024-37992 CVE-2024-37993 CVE-2024-37994 CVE-2024-37995	Update to V2.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109974131/
SIMATIC RF186CI (6GT2002-0JE50) All versions < V2.2 affected by all CVEs CVE-2024-37990 CVE-2024-37991 CVE-2024-37992 CVE-2024-37993 CVE-2024-37994 CVE-2024-37995	Update to V2.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109974131/
SIMATIC RF188C (6GT2002-0JE40) All versions < V2.2 affected by all CVEs CVE-2024-37990 CVE-2024-37991 CVE-2024-37992 CVE-2024-37993 CVE-2024-37994 CVE-2024-37995	Update to V2.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109974131/
SIMATIC RF188CI (6GT2002-0JE60) All versions < V2.2 affected by all CVEs CVE-2024-37990 CVE-2024-37991 CVE-2024-37992 CVE-2024-37993 CVE-2024-37994 CVE-2024-37995	Update to V2.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109974131/
SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) All versions < V4.2 affected by all CVEs CVE-2024-37990 CVE-2024-37991 CVE-2024-37992 CVE-2024-37993 CVE-2024-37994 CVE-2024-37995	Update to V4.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109974131/
SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) All versions < V4.2 affected by all CVEs CVE-2024-37990 CVE-2024-37991 CVE-2024-37992 CVE-2024-37993 CVE-2024-37994 CVE-2024-37995	Update to V4.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109974131/
SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) All versions < V4.2 affected by all CVEs CVE-2024-37990 CVE-2024-37991 CVE-2024-37992 CVE-2024-37993 CVE-2024-37994 CVE-2024-37995	Update to V4.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109974131/
SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) All versions < V4.2 affected by all CVEs CVE-2024-37990 CVE-2024-37991 CVE-2024-37992 CVE-2024-37993 CVE-2024-37994 CVE-2024-37995	Update to V4.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109974131/
SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) All versions < V4.2 affected by all CVEs CVE-2024-37990 CVE-2024-37991 CVE-2024-37992 CVE-2024-37993 CVE-2024-37994 CVE-2024-37995	Update to V4.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109974131/
SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) All versions < V4.2 affected by all CVEs CVE-2024-37990 CVE-2024-37991 CVE-2024-37992 CVE-2024-37993 CVE-2024-37994 CVE-2024-37995	Update to V4.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109974131/
SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) All versions < V4.2 affected by all CVEs CVE-2024-37990 CVE-2024-37991 CVE-2024-37992 CVE-2024-37993 CVE-2024-37994 CVE-2024-37995	Update to V4.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109974131/
SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) All versions < V4.2 affected by all CVEs CVE-2024-37990 CVE-2024-37991 CVE-2024-37992 CVE-2024-37993 CVE-2024-37994 CVE-2024-37995	Update to V4.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109974131/
SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) All versions < V4.2 affected by all CVEs CVE-2024-37990 CVE-2024-37991 CVE-2024-37992 CVE-2024-37993 CVE-2024-37994 CVE-2024-37995	Update to V4.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109974131/
SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) All versions < V4.2 affected by all CVEs CVE-2024-37990 CVE-2024-37991 CVE-2024-37992 CVE-2024-37993 CVE-2024-37994 CVE-2024-37995	Update to V4.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109974131/
SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) All versions < V4.2 affected by all CVEs CVE-2024-37990 CVE-2024-37991 CVE-2024-37992 CVE-2024-37993 CVE-2024-37994 CVE-2024-37995	Update to V4.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109974131/
SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) All versions < V4.2 affected by all CVEs CVE-2024-37990 CVE-2024-37991 CVE-2024-37992 CVE-2024-37993 CVE-2024-37994 CVE-2024-37995	Update to V4.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109974131/
SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) All versions < V4.2 affected by all CVEs CVE-2024-37990 CVE-2024-37991 CVE-2024-37992 CVE-2024-37993 CVE-2024-37994 CVE-2024-37995	Update to V4.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109974131/
SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) All versions < V4.2 affected by all CVEs CVE-2024-37990 CVE-2024-37991 CVE-2024-37992 CVE-2024-37993 CVE-2024-37994 CVE-2024-37995	Update to V4.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109974131/
SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) All versions < V4.2 affected by all CVEs CVE-2024-37990 CVE-2024-37991 CVE-2024-37992 CVE-2024-37993 CVE-2024-37994 CVE-2024-37995	Update to V4.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109974131/
SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) All versions < V4.2 affected by all CVEs CVE-2024-37990 CVE-2024-37991 CVE-2024-37992 CVE-2024-37993 CVE-2024-37994 CVE-2024-37995	Update to V4.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109974131/
SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) All versions < V4.2 affected by all CVEs CVE-2024-37990 CVE-2024-37991 CVE-2024-37992 CVE-2024-37993 CVE-2024-37994 CVE-2024-37995	Update to V4.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109974131/
SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) All versions < V4.2 affected by all CVEs CVE-2024-37990 CVE-2024-37991 CVE-2024-37992 CVE-2024-37993 CVE-2024-37994 CVE-2024-37995	Update to V4.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109974131/
SIMATIC RF11xxR Family	Update to V1.1 or later version https://support.industry.siemens.com/cs/ww/en/view/109974131/
SIMATIC RF1140R (6GT2831-6CB00) All versions < V1.1 affected by all CVEs CVE-2024-37990 CVE-2024-37991 CVE-2024-37992 CVE-2024-37993 CVE-2024-37994 CVE-2024-37995	Update to V1.1 or later version https://support.industry.siemens.com/cs/ww/en/view/109974131/
SIMATIC RF1170R (6GT2831-6BB00) All versions < V1.1 affected by all CVEs CVE-2024-37990 CVE-2024-37991 CVE-2024-37992 CVE-2024-37993 CVE-2024-37994 CVE-2024-37995	Update to V1.1 or later version https://support.industry.siemens.com/cs/ww/en/view/109974131/
SIMATIC RF360R (6GT2801-5BA30) All versions < V2.2 affected by all CVEs CVE-2024-37990 CVE-2024-37991 CVE-2024-37992 CVE-2024-37993 CVE-2024-37994 CVE-2024-37995	Update to V2.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109974131/

WORKAROUNDS AND MITIGATIONS

Product-specific remediations or mitigations can be found in the section Affected Products and Solution.
Please follow the General Security Recommendations.

GENERAL SECURITY RECOMMENDATIONS

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

PRODUCT DESCRIPTION

SIMATIC RF600 Readers are used for the contactless identification of every kind of object, e.g. transport containers, pallets, production goods, or it can be generally used for recording goods in bulk.

SIMATIC RF1100 is an RFID-based solution for simple and versatile management of electronic authorization.

The SIMATIC RF360R reader extends the SIMATIC RF300 RFID system by a compact reader with an integrated Industrial Ethernet interface.

VULNERABILITY DESCRIPTION

Un-/Collapse All

This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.

Vulnerability CVE-2024-37990

The affected applications contain configuration files which can be modified. An attacker with privilege access can modify these files and enable features that are not released for this device.

CVSS v3.1 Base Score	6.5
CVSS v3.1 Vector	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
CVSS v4.0 Base Score	7.0
CVSS v4.0 Vector	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
CWE	CWE-912: Hidden Functionality

Vulnerability CVE-2024-37991

The service log files of the affected application can be accessed without proper authentication. This could allow an unauthenticated attacker to get access to sensitive information.

CVSS v3.1 Base Score	5.3
CVSS v3.1 Vector	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
CVSS v4.0 Base Score	6.0
CVSS v4.0 Vector	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CWE	CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Vulnerability CVE-2024-37992

The affected devices does not properly handle the error in case of exceeding characters while setting SNMP leading to the restart of the application.

CVSS v3.1 Base Score	4.9
CVSS v3.1 Vector	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0 Base Score	5.9
CVSS v4.0 Vector	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CWE	CWE-703: Improper Check or Handling of Exceptional Conditions

Vulnerability CVE-2024-37993

The affected applications do not authenticated the creation of Ajax2App instances. This could allow an unauthenticated attacker to cause a denial of service condition.

CVSS v3.1 Base Score	5.3
CVSS v3.1 Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVSS v4.0 Base Score	6.9
CVSS v4.0 Vector	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
CWE	CWE-284: Improper Access Control

Vulnerability CVE-2024-37994

The affected application contains a hidden configuration item to enable debug functionality. This could allow an attacker to gain insight into the internal configuration of the deployment.

CVSS v3.1 Base Score	4.3
CVSS v3.1 Vector	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CVSS v4.0 Base Score	5.3
CVSS v4.0 Vector	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
CWE	CWE-912: Hidden Functionality

Vulnerability CVE-2024-37995

The affected application improperly handles error while a faulty certificate upload leading to crashing of application. This vulnerability could allow an attacker to disclose sensitive information.

CVSS v3.1 Base Score	2.7
CVSS v3.1 Vector	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
CVSS v4.0 Base Score	2.1
CVSS v4.0 Vector	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
CWE	CWE-703: Improper Check or Handling of Exceptional Conditions

ADDITIONAL INFORMATION

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

HISTORY DATA

V1.0 (2024-09-10):

Publication Date

Siemens Security Advisories are subject to the terms and conditions contained in Siemens’ underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens’ Global Website (https://www.siemens.com/ terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.