PT-2024-7406 · Siemens · Simatic Rf188C and 11 more
Published: 2024-09-10 · Updated: 2024-09-18
CVE-2024-37994
CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
SIMATIC Reader RF610R CMIIT versions prior to V4.2
SIMATIC Reader RF610R ETSI versions prior to V4.2
SIMATIC Reader RF610R FCC versions prior to V4.2
SIMATIC Reader RF615R CMIIT versions prior to V4.2
SIMATIC Reader RF615R ETSI versions prior to V4.2
SIMATIC Reader RF615R FCC versions prior to V4.2
SIMATIC Reader RF650R ARIB versions prior to V4.2
SIMATIC Reader RF650R CMIIT versions prior to V4.2
SIMATIC Reader RF650R ETSI versions prior to V4.2
SIMATIC Reader RF650R FCC versions prior to V4.2
SIMATIC Reader RF680R ARIB versions prior to V4.2
SIMATIC Reader RF680R CMIIT versions prior to V4.2
SIMATIC Reader RF680R ETSI versions prior to V4.2
SIMATIC Reader RF680R FCC versions prior to V4.2
SIMATIC Reader RF685R ARIB versions prior to V4.2
SIMATIC Reader RF685R CMIIT versions prior to V4.2
SIMATIC Reader RF685R ETSI versions prior to V4.2
SIMATIC Reader RF685R FCC versions prior to V4.2
SIMATIC RF1140R versions prior to V1.1
SIMATIC RF1170R versions prior to V1.1
SIMATIC RF166C versions prior to V2.2
SIMATIC RF185C versions prior to V2.2
SIMATIC RF186C versions prior to V2.2
SIMATIC RF186CI versions prior to V2.2
SIMATIC RF188C versions prior to V2.2
SIMATIC RF188CI versions prior to V2.2
SIMATIC RF360R versions prior to V2.2
Description:
The affected application contains a hidden configuration item to enable debug functionality, which could allow an attacker to gain insight into the internal configuration of the deployment. This issue is related to the presence of undocumented configuration commands in the SIMATIC Reader software. Exploitation of this vulnerability may enable an attacker to activate the debug functionality.
Recommendations:
For SIMATIC Reader RF610R CMIIT versions prior to V4.2, update to version V4.2 or later.
For SIMATIC Reader RF610R ETSI versions prior to V4.2, update to version V4.2 or later.
For SIMATIC Reader RF610R FCC versions prior to V4.2, update to version V4.2 or later.
For SIMATIC Reader RF615R CMIIT versions prior to V4.2, update to version V4.2 or later.
For SIMATIC Reader RF615R ETSI versions prior to V4.2, update to version V4.2 or later.
For SIMATIC Reader RF615R FCC versions prior to V4.2, update to version V4.2 or later.
For SIMATIC Reader RF650R ARIB versions prior to V4.2, update to version V4.2 or later.
For SIMATIC Reader RF650R CMIIT versions prior to V4.2, update to version V4.2 or later.
For SIMATIC Reader RF650R ETSI versions prior to V4.2, update to version V4.2 or later.
For SIMATIC Reader RF650R FCC versions prior to V4.2, update to version V4.2 or later.
For SIMATIC Reader RF680R ARIB versions prior to V4.2, update to version V4.2 or later.
For SIMATIC Reader RF680R CMIIT versions prior to V4.2, update to version V4.2 or later.
For SIMATIC Reader RF680R ETSI versions prior to V4.2, update to version V4.2 or later.
For SIMATIC Reader RF680R FCC versions prior to V4.2, update to version V4.2 or later.
For SIMATIC Reader RF685R ARIB versions prior to V4.2, update to version V4.2 or later.
For SIMATIC Reader RF685R CMIIT versions prior to V4.2, update to version V4.2 or later.
For SIMATIC Reader RF685R ETSI versions prior to V4.2, update to version V4.2 or later.
For SIMATIC Reader RF685R FCC versions prior to V4.2, update to version V4.2 or later.
For SIMATIC RF1140R versions prior to V1.1, update to version V1.1 or later.
For SIMATIC RF1170R versions prior to V1.1, update to version V1.1 or later.
For SIMATIC RF166C versions prior to V2.2, update to version V2.2 or later.
For SIMATIC RF185C versions prior to V2.2, update to version V2.2 or later.
For SIMATIC RF186C versions prior to V2.2, update to version V2.2 or later.
For SIMATIC RF186CI versions prior to V2.2, update to version V2.2 or later.
For SIMATIC RF188C versions prior to V2.2, update to version V2.2 or later.
For SIMATIC RF188CI versions prior to V2.2, update to version V2.2 or later.
For SIMATIC RF360R versions prior to V2.2, update to version V2.2 or later.
Fix
Weakness Enumeration:
Hidden Functionality
Affected Products
Simatic Rf1140R
Simatic Rf1170R
Simatic Rf166C
Simatic Rf185C
Simatic Rf186Ci
Simatic Rf188C
Simatic Rf360R
Simatic Reader Rf610R
Simatic Reader Rf615R
Simatic Reader Rf650R
Simatic Reader Rf680R
Simatic Reader Rf685R