CVE-2024-37995

Name of the Vulnerable Software and Affected Versions: SIMATIC Reader RF610R CMIIT versions prior to V4.2 SIMATIC Reader RF610R ETSI versions prior to V4.2 SIMATIC Reader RF610R FCC versions prior to V4.2 SIMATIC Reader RF615R CMIIT versions prior to V4.2 SIMATIC Reader RF615R ETSI versions prior to V4.2 SIMATIC Reader RF615R FCC versions prior to V4.2 SIMATIC Reader RF650R ARIB versions prior to V4.2 SIMATIC Reader RF650R CMIIT versions prior to V4.2 SIMATIC Reader RF650R ETSI versions prior to V4.2 SIMATIC Reader RF650R FCC versions prior to V4.2 SIMATIC Reader RF680R ARIB versions prior to V4.2 SIMATIC Reader RF680R CMIIT versions prior to V4.2 SIMATIC Reader RF680R ETSI versions prior to V4.2 SIMATIC Reader RF680R FCC versions prior to V4.2 SIMATIC Reader RF685R ARIB versions prior to V4.2 SIMATIC Reader RF685R CMIIT versions prior to V4.2 SIMATIC Reader RF685R ETSI versions prior to V4.2 SIMATIC Reader RF685R FCC versions prior to V4.2 SIMATIC RF1140R versions prior to V1.1 SIMATIC RF1170R versions prior to V1.1 SIMATIC RF166C versions prior to V2.2 SIMATIC RF185C versions prior to V2.2 SIMATIC RF186C versions prior to V2.2 SIMATIC RF186CI versions prior to V2.2 SIMATIC RF188C versions prior to V2.2 SIMATIC RF188CI versions prior to V2.2 SIMATIC RF360R versions prior to V2.2

Description: The affected application improperly handles errors when a faulty certificate is uploaded, leading to the application crashing. This could allow an attacker to disclose sensitive information. The vulnerability is related to insufficient handling of exceptional states, which can be exploited to cause a denial of service and disclose protected information when an incorrect certificate is uploaded.

Recommendations: For SIMATIC Reader RF610R CMIIT versions prior to V4.2, update to version V4.2 or later. For SIMATIC Reader RF610R ETSI versions prior to V4.2, update to version V4.2 or later. For SIMATIC Reader RF610R FCC versions prior to V4.2, update to version V4.2 or later. For SIMATIC Reader RF615R CMIIT versions prior to V4.2, update to version V4.2 or later. For SIMATIC Reader RF615R ETSI versions prior to V4.2, update to version V4.2 or later. For SIMATIC Reader RF615R FCC versions prior to V4.2, update to version V4.2 or later. For SIMATIC Reader RF650R ARIB versions prior to V4.2, update to version V4.2 or later. For SIMATIC Reader RF650R CMIIT versions prior to V4.2, update to version V4.2 or later. For SIMATIC Reader RF650R ETSI versions prior to V4.2, update to version V4.2 or later. For SIMATIC Reader RF650R FCC versions prior to V4.2, update to version V4.2 or later. For SIMATIC Reader RF680R ARIB versions prior to V4.2, update to version V4.2 or later. For SIMATIC Reader RF680R CMIIT versions prior to V4.2, update to version V4.2 or later. For SIMATIC Reader RF680R ETSI versions prior to V4.2, update to version V4.2 or later. For SIMATIC Reader RF680R FCC versions prior to V4.2, update to version V4.2 or later. For SIMATIC Reader RF685R ARIB versions prior to V4.2, update to version V4.2 or later. For SIMATIC Reader RF685R CMIIT versions prior to V4.2, update to version V4.2 or later. For SIMATIC Reader RF685R ETSI versions prior to V4.2, update to version V4.2 or later. For SIMATIC Reader RF685R FCC versions prior to V4.2, update to version V4.2 or later. For SIMATIC RF1140R versions prior to V1.1, update to version V1.1 or later. For SIMATIC RF1170R versions prior to V1.1, update to version V1.1 or later. For SIMATIC RF166C versions prior to V2.2, update to version V2.2 or later. For SIMATIC RF185C versions prior to V2.2, update to version V2.2 or later. For SIMATIC RF186C versions prior to V2.2, update to version V2.2 or later. For SIMATIC RF186CI versions prior to V2.2, update to version V2.2 or later. For SIMATIC RF188C versions prior to V2.2, update to version V2.2 or later. For SIMATIC RF188CI versions prior to V2.2, update to version V2.2 or later. For SIMATIC RF360R versions prior to V2.2, update to version V2.2 or later.