Information disclosure in Siemens products - CVE-2024-37991

 


Published: September 11, 2024


Vulnerability identifier: #VU97149
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-37991
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Siemens
Affected software:
SIMATIC RF166C
SIMATIC RF185C
SIMATIC RF186C
SIMATIC RF186CI
SIMATIC RF188C
SIMATIC RF188CI
SIMATIC Reader RF610R CMIIT
SIMATIC Reader RF610R ETSI
SIMATIC Reader RF610R FCC
SIMATIC Reader RF615R CMIIT
SIMATIC Reader RF615R ETSI
SIMATIC Reader RF615R FCC
SIMATIC Reader RF650R ARIB
SIMATIC Reader RF650R CMIIT
SIMATIC Reader RF650R ETSI
SIMATIC Reader RF650R FCC
SIMATIC Reader RF680R ARIB
SIMATIC Reader RF680R CMIIT
SIMATIC Reader RF680R ETSI
SIMATIC Reader RF680R FCC
SIMATIC Reader RF685R ARIB
SIMATIC Reader RF685R CMIIT
SIMATIC Reader RF685R ETSI
SIMATIC Reader RF685R FCC
SIMATIC RF1140R
SIMATIC RF1170R
SIMATIC RF360R

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because the service log files of the affected application can be accessed without proper authentication. A remote attacker can gain unauthorized access to sensitive information on the system.


How to mitigate CVE-2024-37991

Install updates from the vendor's website.
