#VU97151 Improper Check or Handling of Exceptional Conditions in Siemens products - CVE-2024-37992
Published: September 11, 2024
Vulnerability identifier: #VU97151
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-37992
CWE-ID: CWE-703
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
SIMATIC RF166C
SIMATIC RF185C
SIMATIC RF186C
SIMATIC RF186CI
SIMATIC RF188C
SIMATIC RF188CI
SIMATIC Reader RF610R CMIIT
SIMATIC Reader RF610R ETSI
SIMATIC Reader RF610R FCC
SIMATIC Reader RF615R CMIIT
SIMATIC Reader RF615R ETSI
SIMATIC Reader RF615R FCC
SIMATIC Reader RF650R ARIB
SIMATIC Reader RF650R CMIIT
SIMATIC Reader RF650R ETSI
SIMATIC Reader RF650R FCC
SIMATIC Reader RF680R ARIB
SIMATIC Reader RF680R CMIIT
SIMATIC Reader RF680R ETSI
SIMATIC Reader RF680R FCC
SIMATIC Reader RF685R ARIB
SIMATIC Reader RF685R CMIIT
SIMATIC Reader RF685R ETSI
SIMATIC Reader RF685R FCC
SIMATIC RF1140R
SIMATIC RF1170R
SIMATIC RF360R
SIMATIC RF166C
SIMATIC RF185C
SIMATIC RF186C
SIMATIC RF186CI
SIMATIC RF188C
SIMATIC RF188CI
SIMATIC Reader RF610R CMIIT
SIMATIC Reader RF610R ETSI
SIMATIC Reader RF610R FCC
SIMATIC Reader RF615R CMIIT
SIMATIC Reader RF615R ETSI
SIMATIC Reader RF615R FCC
SIMATIC Reader RF650R ARIB
SIMATIC Reader RF650R CMIIT
SIMATIC Reader RF650R ETSI
SIMATIC Reader RF650R FCC
SIMATIC Reader RF680R ARIB
SIMATIC Reader RF680R CMIIT
SIMATIC Reader RF680R ETSI
SIMATIC Reader RF680R FCC
SIMATIC Reader RF685R ARIB
SIMATIC Reader RF685R CMIIT
SIMATIC Reader RF685R ETSI
SIMATIC Reader RF685R FCC
SIMATIC RF1140R
SIMATIC RF1170R
SIMATIC RF360R
Software vendor:
Siemens
Siemens
Description
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to the affected devices does not properly handle the error in case of exceeding characters while setting SNMP. A remote administrator can restart the target application.
Remediation
Install updates from vendor's website.