PT-2024-7408 · Siemens · Simatic Rf188C+11

Published: 2024-08-10 · Updated: 2024-09-18 · CVE-2024-37992

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:

SIMATIC Reader RF610R CMIIT versions prior to V4.2
SIMATIC Reader RF610R ETSI versions prior to V4.2
SIMATIC Reader RF610R FCC versions prior to V4.2
SIMATIC Reader RF615R CMIIT versions prior to V4.2
SIMATIC Reader RF615R ETSI versions prior to V4.2
SIMATIC Reader RF615R FCC versions prior to V4.2
SIMATIC Reader RF650R ARIB versions prior to V4.2
SIMATIC Reader RF650R CMIIT versions prior to V4.2
SIMATIC Reader RF650R ETSI versions prior to V4.2
SIMATIC Reader RF650R FCC versions prior to V4.2
SIMATIC Reader RF680R ARIB versions prior to V4.2
SIMATIC Reader RF680R CMIIT versions prior to V4.2
SIMATIC Reader RF680R ETSI versions prior to V4.2
SIMATIC Reader RF680R FCC versions prior to V4.2
SIMATIC Reader RF685R ARIB versions prior to V4.2
SIMATIC Reader RF685R CMIIT versions prior to V4.2
SIMATIC Reader RF685R ETSI versions prior to V4.2
SIMATIC Reader RF685R FCC versions prior to V4.2
SIMATIC RF1140R versions prior to V1.1
SIMATIC RF1170R versions prior to V1.1
SIMATIC RF166C versions prior to V2.2
SIMATIC RF185C versions prior to V2.2
SIMATIC RF186C versions prior to V2.2
SIMATIC RF186CI versions prior to V2.2
SIMATIC RF188C versions prior to V2.2
SIMATIC RF188CI versions prior to V2.2
SIMATIC RF360R versions prior to V2.2

Description: A vulnerability has been identified in the SIMATIC Reader devices. The devices do not properly handle the error that occurs when the permitted number of characters is exceeded while setting SNMP, which leads to a restart of the application. The issue is related to the incorrect processing of character definitions during SNMP setup. A remote attacker can exploit this vulnerability to restart the application.

Recommendations: As a temporary workaround, consider disabling SNMP setup until a patch is available. Restrict access to the SNMP configuration to minimize the risk of exploitation. Update to a version that contains a fix for this vulnerability: V4.2 or later for SIMATIC Reader RF610R, RF615R, RF650R, RF680R, and RF685R devices; V1.1 or later for SIMATIC RF1140R and RF1170R devices; and V2.2 or later for SIMATIC RF166C, RF185C, RF186C, RF186CI, RF188C, RF188CI, and RF360R devices.

Related Identifiers

BDU:2024-08782
CVE-2024-37992

Affected Products

Simatic Rf1140R
Simatic Rf1170R
Simatic Rf166C
Simatic Rf185C
Simatic Rf186Ci
Simatic Rf188C
Simatic Rf360R
Simatic Reader Rf610R
Simatic Reader Rf615R
Simatic Reader Rf650R
Simatic Reader Rf680R
Simatic Reader Rf685R