Hidden functionality in Siemens products - CVE-2024-37994
Published: September 11, 2024
Vulnerability identifier: #VU97159
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-37994
CWE-ID: CWE-912
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Siemens
Affected software:
SIMATIC RF166C
SIMATIC RF185C
SIMATIC RF186C
SIMATIC RF186CI
SIMATIC RF188C
SIMATIC RF188CI
SIMATIC Reader RF610R CMIIT
SIMATIC Reader RF610R ETSI
SIMATIC Reader RF610R FCC
SIMATIC Reader RF615R CMIIT
SIMATIC Reader RF615R ETSI
SIMATIC Reader RF615R FCC
SIMATIC Reader RF650R ARIB
SIMATIC Reader RF650R CMIIT
SIMATIC Reader RF650R ETSI
SIMATIC Reader RF650R FCC
SIMATIC Reader RF680R ARIB
SIMATIC Reader RF680R CMIIT
SIMATIC Reader RF680R ETSI
SIMATIC Reader RF680R FCC
SIMATIC Reader RF685R ARIB
SIMATIC Reader RF685R CMIIT
SIMATIC Reader RF685R ETSI
SIMATIC Reader RF685R FCC
SIMATIC RF1140R
SIMATIC RF1170R
SIMATIC RF360R
SIMATIC RF166C
SIMATIC RF185C
SIMATIC RF186C
SIMATIC RF186CI
SIMATIC RF188C
SIMATIC RF188CI
SIMATIC Reader RF610R CMIIT
SIMATIC Reader RF610R ETSI
SIMATIC Reader RF610R FCC
SIMATIC Reader RF615R CMIIT
SIMATIC Reader RF615R ETSI
SIMATIC Reader RF615R FCC
SIMATIC Reader RF650R ARIB
SIMATIC Reader RF650R CMIIT
SIMATIC Reader RF650R ETSI
SIMATIC Reader RF650R FCC
SIMATIC Reader RF680R ARIB
SIMATIC Reader RF680R CMIIT
SIMATIC Reader RF680R ETSI
SIMATIC Reader RF680R FCC
SIMATIC Reader RF685R ARIB
SIMATIC Reader RF685R CMIIT
SIMATIC Reader RF685R ETSI
SIMATIC Reader RF685R FCC
SIMATIC RF1140R
SIMATIC RF1170R
SIMATIC RF360R
Detailed vulnerability description
The vulnerability allows a remote attacker to compromise vulnerable system
The vulnerability exists due to the affected application contains a hidden configuration item to enable debug functionality. A remote user can insight into the internal configuration of the deployment.
How to mitigate CVE-2024-37994
Install updates from vendor's website.