PT-2024-7404 · Siemens · Simatic Rf188C+11

Published: 2024-09-10 · Updated: 2024-09-18 · CVE-2024-37993

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions:

SIMATIC Reader RF610R CMIIT, ETSI, FCC: versions prior to V4.2
SIMATIC Reader RF615R CMIIT, ETSI, FCC: versions prior to V4.2
SIMATIC Reader RF650R ARIB, CMIIT, ETSI, FCC: versions prior to V4.2
SIMATIC Reader RF680R ARIB, CMIIT, ETSI, FCC: versions prior to V4.2
SIMATIC Reader RF685R ARIB, CMIIT, ETSI, FCC: versions prior to V4.2
SIMATIC RF1140R: versions prior to V1.1
SIMATIC RF1170R: versions prior to V1.1
SIMATIC RF166C: versions prior to V2.2
SIMATIC RF185C: versions prior to V2.2
SIMATIC RF186C: versions prior to V2.2
SIMATIC RF186CI: versions prior to V2.2
SIMATIC RF188C: versions prior to V2.2
SIMATIC RF188CI: versions prior to V2.2
SIMATIC RF360R: versions prior to V2.2

Description: The affected SIMATIC Reader applications do not authenticate the creation of Ajax2App instances. Because of this insufficient access control, an unauthenticated attacker can create Ajax2App instances, potentially leading to a denial of service condition.

Recommendations: As a temporary workaround, consider disabling the creation of Ajax2App instances until a patch is available, and restrict access to the vulnerable SIMATIC Reader applications to minimize the risk of exploitation. Then update to a fixed version:

SIMATIC Reader RF610R CMIIT, ETSI, FCC: update to V4.2 or later
SIMATIC Reader RF615R CMIIT, ETSI, FCC: update to V4.2 or later
SIMATIC Reader RF650R ARIB, CMIIT, ETSI, FCC: update to V4.2 or later
SIMATIC Reader RF680R ARIB, CMIIT, ETSI, FCC: update to V4.2 or later
SIMATIC Reader RF685R ARIB, CMIIT, ETSI, FCC: update to V4.2 or later
SIMATIC RF1140R: update to V1.1 or later
SIMATIC RF1170R: update to V1.1 or later
SIMATIC RF166C: update to V2.2 or later
SIMATIC RF185C: update to V2.2 or later
SIMATIC RF186C: update to V2.2 or later
SIMATIC RF186CI: update to V2.2 or later
SIMATIC RF188C: update to V2.2 or later
SIMATIC RF188CI: update to V2.2 or later
SIMATIC RF360R: update to V2.2 or later

Fix

Weakness Enumeration

Improper Access Control

Related Identifiers

BDU:2024-08778
CVE-2024-37993

Affected Products

Simatic Rf1140R
Simatic Rf1170R
Simatic Rf166C
Simatic Rf185C
Simatic Rf186Ci
Simatic Rf188C
Simatic Rf360R
Simatic Reader Rf610R
Simatic Reader Rf615R
Simatic Reader Rf650R
Simatic Reader Rf680R
Simatic Reader Rf685R