#VU97149 Information disclosure in Siemens products - CVE-2024-37991
Published: September 11, 2024
Vulnerability identifier: #VU97149
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-37991
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
SIMATIC RF166C
SIMATIC RF185C
SIMATIC RF186C
SIMATIC RF186CI
SIMATIC RF188C
SIMATIC RF188CI
SIMATIC Reader RF610R CMIIT
SIMATIC Reader RF610R ETSI
SIMATIC Reader RF610R FCC
SIMATIC Reader RF615R CMIIT
SIMATIC Reader RF615R ETSI
SIMATIC Reader RF615R FCC
SIMATIC Reader RF650R ARIB
SIMATIC Reader RF650R CMIIT
SIMATIC Reader RF650R ETSI
SIMATIC Reader RF650R FCC
SIMATIC Reader RF680R ARIB
SIMATIC Reader RF680R CMIIT
SIMATIC Reader RF680R ETSI
SIMATIC Reader RF680R FCC
SIMATIC Reader RF685R ARIB
SIMATIC Reader RF685R CMIIT
SIMATIC Reader RF685R ETSI
SIMATIC Reader RF685R FCC
SIMATIC RF1140R
SIMATIC RF1170R
SIMATIC RF360R
SIMATIC RF166C
SIMATIC RF185C
SIMATIC RF186C
SIMATIC RF186CI
SIMATIC RF188C
SIMATIC RF188CI
SIMATIC Reader RF610R CMIIT
SIMATIC Reader RF610R ETSI
SIMATIC Reader RF610R FCC
SIMATIC Reader RF615R CMIIT
SIMATIC Reader RF615R ETSI
SIMATIC Reader RF615R FCC
SIMATIC Reader RF650R ARIB
SIMATIC Reader RF650R CMIIT
SIMATIC Reader RF650R ETSI
SIMATIC Reader RF650R FCC
SIMATIC Reader RF680R ARIB
SIMATIC Reader RF680R CMIIT
SIMATIC Reader RF680R ETSI
SIMATIC Reader RF680R FCC
SIMATIC Reader RF685R ARIB
SIMATIC Reader RF685R CMIIT
SIMATIC Reader RF685R ETSI
SIMATIC Reader RF685R FCC
SIMATIC RF1140R
SIMATIC RF1170R
SIMATIC RF360R
Software vendor:
Siemens
Siemens
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the service log files of the affected application can be accessed without proper authentication. A remote attacker can gain unauthorized access to sensitive information on the system.
Remediation
Install updates from vendor's website.