#VU97160 Improper Check or Handling of Exceptional Conditions in Siemens products - CVE-2024-37995

Vulnerability identifier: #VU97160

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-37995

CWE-ID: CWE-703

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
SIMATIC RF166C
SIMATIC RF185C
SIMATIC RF186C
SIMATIC RF186CI
SIMATIC RF188C
SIMATIC RF188CI
SIMATIC Reader RF610R CMIIT
SIMATIC Reader RF610R ETSI
SIMATIC Reader RF610R FCC
SIMATIC Reader RF615R CMIIT
SIMATIC Reader RF615R ETSI
SIMATIC Reader RF615R FCC
SIMATIC Reader RF650R ARIB
SIMATIC Reader RF650R CMIIT
SIMATIC Reader RF650R ETSI
SIMATIC Reader RF650R FCC
SIMATIC Reader RF680R ARIB
SIMATIC Reader RF680R CMIIT
SIMATIC Reader RF680R ETSI
SIMATIC Reader RF680R FCC
SIMATIC Reader RF685R ARIB
SIMATIC Reader RF685R CMIIT
SIMATIC Reader RF685R ETSI
SIMATIC Reader RF685R FCC
SIMATIC RF1140R
SIMATIC RF1170R
SIMATIC RF360R

Software vendor:
Siemens

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to the affected application improperly handles error while a faulty certificate upload leading to crashing of application. A remote administrator can disclose sensitive information.

Install updates from vendor's website.

• https://cert-portal.siemens.com/productcert/html/ssa-765405.html