Full Report
SIMATIC RFID Readers contain multiple vulnerabilities that could allow an attacker to cause a denial of service, exploit hidden functionality, or obtain exposed information. Siemens has released new versions for the affected products and recommends updating to the latest versions.
Analysis Summary
# Vulnerability: Multiple Vulnerabilities in SIMATIC RFID Readers (DoS, Hidden Functionality, Information Exposure)
## CVE Details
This advisory covers a group of vulnerabilities rather than a single issue. The provided text lists six associated identifiers, CVE-2024-37990 through CVE-2024-37995. The advisory as a whole carries one aggregate severity, and the individual scores are tabulated below.
| CVE ID | CVSS v3.1 Score | CVSS v4.0 Score | Primary Impact | CWE |
| :--- | :--- | :--- | :--- | :--- |
| CVE-2024-37990 | 7.5 (High) | 8.8 (Critical) | Information Exposure | CWE-200 (Exposure of Sensitive Information) |
| CVE-2024-37991 | 6.5 (Medium) | 7.0 (High) | Denial of Service | CWE-703 (Improper Check or Handling of Exceptional Conditions) |
| CVE-2024-37992 | 6.5 (Medium) | 7.0 (High) | Denial of Service | CWE-703 (Improper Check or Handling of Exceptional Conditions) |
| CVE-2024-37993 | 5.3 (Medium) | 6.9 (Medium) | Denial of Service | CWE-284 (Improper Access Control) |
| CVE-2024-37994 | 4.3 (Medium) | 5.3 (Low/Medium) | Information Exposure (Hidden Functionality) | CWE-912 (Hidden Functionality) |
| CVE-2024-37995 | 2.7 (Low) | 2.1 (Low) | Information Exposure | CWE-703 (Improper Check or Handling of Exceptional Conditions) |
The overall advisory score provided is **CVSS v3.1 Base Score: 6.5 (Medium)** and **CVSS v4.0 Base Score: 7.0 (High)**.
## Affected Systems
- **Products:** SIMATIC READER RF1xxC Family, specifically including SIMATIC RF166C (6GT2002-0EE20), SIMATIC RF185C (6GT2002-0JE10), SIMATIC RF186C (6GT2002-0JE20), SIMATIC RF186CI (6GT2002-0JE50), and SIMATIC RF188C (6GT2002-0JE40).
- **Versions:** All versions **less than V2.2** for the listed specific products.
- **Configurations:** Not explicitly detailed, but vulnerabilities appear related to device operations and specific configuration paths.
## Vulnerability Description
The advisory details several flaws across the affected SIMATIC RFID Readers leading to potential DoS, hidden functionality exploitation, and information exposure:
* **CVE-2024-37990:** Information disclosure due to an insecure configuration option.
* **CVE-2024-37991 & CVE-2024-37992 (DoS):** Errors handling invalid input data potentially leading to a crash/Denial of Service.
* **CVE-2024-37993 (DoS):** Improper access control allows `Ajax2App` instances to be created without authentication, which an unauthenticated attacker can use to cause a DoS condition.
* **CVE-2024-37994 (Hidden Functionality/Info Exposure):** A hidden configuration item enables debug functionality, potentially exposing internal configuration details if accessed by an attacker with low privileges (`PR:L`).
* **CVE-2024-37995 (Info Exposure/DoS):** Improper handling of errors during a faulty certificate upload can lead to an application crash and disclosure of sensitive information, requiring high privileges (`PR:H`).
## Exploitation
Since the advisory lists multiple CVEs spanning DoS, control bypass, and information disclosure, the exploitation status cannot be assumed to be uniform.
- **Status:** Not explicitly stated as exploited in the wild in the summary. Given the range of severities, assume PoCs *may* exist or be easily derivable for the DoS and Info Exposure vectors.
- **Complexity (Based on individual vectors):** Varies from Low (Network Access, Low Privilege Required) to High (Requires specific conditions or higher privileges). CVE-2024-37993 is Low Complexity (Unauthenticated, Network).
- **Attack Vector (AV):** Primarily **Network (AV:N)** for all detailed vulnerabilities.
## Impact
The aggregated impact covers all three CIA aspects:
- **Confidentiality:** Affected by CVE-2024-37990 (Information Exposure) and CVE-2024-37995 (Sensitive Information Disclosure).
- **Integrity:** Implicitly affected by the hidden functionality exposure (CVE-2024-37994).
- **Availability:** Directly impacted by CVE-2024-37991, CVE-2024-37992, and CVE-2024-37993 resulting in Denial of Service (DoS).
## Remediation
### Patches
- **Recommended Action:** Update to **V2.2 or a later version**.
- **Patch Link:** Specific patch information and downloads are available via the Siemens support link: `https://support.industry.siemens.com/cs/ww/en/view/109974131/`
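To turn the affected-product list and the V2.2 fix threshold into an inventory check, here is an added example (not Siemens code and not part of the advisory) that flags readers still needing the update. It assumes an asset inventory exported as (hostname, article number, firmware version) triples; the hostnames and the sample inventory are constructed, and the non-reader entry uses a placeholder article number.

```python
"""Flag SIMATIC RF1xxC readers running firmware below the fixed version V2.2."""
import re

# Article numbers (MLFB) of the affected products as listed in the advisory.
AFFECTED_ARTICLE_NUMBERS = {
    "6GT2002-0EE20": "SIMATIC RF166C",
    "6GT2002-0JE10": "SIMATIC RF185C",
    "6GT2002-0JE20": "SIMATIC RF186C",
    "6GT2002-0JE50": "SIMATIC RF186CI",
    "6GT2002-0JE40": "SIMATIC RF188C",
}

# The advisory states "all versions < V2.2" are affected.
FIXED_VERSION = (2, 2)


def parse_version(text):
    """Parse 'V2.2', 'v2.1.3' or '2.0' into a tuple of ints for numeric comparison.

    A numeric tuple is used deliberately: a plain string comparison would rank
    'V2.10' below 'V2.2' and misreport a patched reader as vulnerable.
    """
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(article_number, version):
    """True if the device is in the affected family and runs firmware < V2.2."""
    key = article_number.strip().upper()
    if key not in AFFECTED_ARTICLE_NUMBERS:
        return False  # not one of the listed readers; out of scope
    return parse_version(version) < FIXED_VERSION


def find_vulnerable(inventory):
    """Return (hostname, product name, version) for every device needing the update."""
    hits = []
    for host, article, version in inventory:
        if is_vulnerable(article, version):
            hits.append((host, AFFECTED_ARTICLE_NUMBERS[article.strip().upper()], version))
    return hits


# Constructed sample inventory; hostnames are made up and the last row is a
# placeholder for a non-reader device that must be ignored.
SAMPLE_INVENTORY = [
    ("rfid-line1-01", "6GT2002-0JE20", "V2.1"),
    ("rfid-line1-02", "6GT2002-0JE20", "V2.2"),
    ("rfid-dock-03", "6GT2002-0EE20", "v1.9.5"),
    ("rfid-dock-04", "6GT2002-0JE50", "V2.10"),
    ("other-device-05", "PLACEHOLDER-ARTICLE", "V4.5"),
]

if __name__ == "__main__":
    for host, product, ver in find_vulnerable(SAMPLE_INVENTORY):
        print(f"{host}: {product} running {ver} -> update to V2.2 or later")
```

Run as a script it prints the two readers below V2.2; the reader on V2.10 is correctly treated as patched because versions are compared numerically rather than as strings.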
### Workarounds
No specific workarounds are detailed in the provided summary text. The primary recommendation is prompt patching.
## Detection
- **Indicators of Compromise:** Not specified. Detection efforts should focus on monitoring network traffic for anomalous management/configuration requests directed at the RFID readers or monitoring the devices for unexpected crashes or restarts (DoS symptoms).
- **Detection Methods and Tools:** Applying the vendor-released patches is the definitive remediation; for detection, network monitoring tools that look for unusual protocol behavior targeting the reader management interface may be relevant.
## References
- **Vendor Advisories:** SSA-765405 (Published: 2024-09-10)
- **Relevant Links:**
  - Siemens Security Advisory Portal: `https://www.siemens.com/cert/advisories`
  - Support Download Page: `https://support.industry.siemens.com/cs/ww/en/view/109974131/`