All the vulnerabilites related to Siemens - SIMATIC RF188C
cve-2024-37991
Vulnerability from cvelistv5
Published
2024-09-10 09:36
Modified
2024-09-10 15:09
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
6.0 (Medium) - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
6.0 (Medium) - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The service log files of the affected application can be accessed without proper authentication. This could allow an unauthenticated attacker to get access to sensitive information.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37991",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:09:26.404268Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T15:09:35.340Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF610R CMIIT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF610R ETSI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF610R FCC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF615R CMIIT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF615R ETSI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF615R FCC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF650R ARIB",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF650R CMIIT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF650R ETSI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF650R FCC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF680R ARIB",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF680R CMIIT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF680R ETSI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF680R FCC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF685R ARIB",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF685R CMIIT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF685R ETSI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF685R FCC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF1140R",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF1170R",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF166C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF185C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF186C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF186CI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF188C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF188CI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF360R",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions \u003c V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions \u003c V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions \u003c V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions \u003c V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions \u003c V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions \u003c V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions \u003c V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions \u003c V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions \u003c V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions \u003c V2.2). The service log files of the affected application can be accessed without proper authentication. This could allow an unauthenticated attacker to get access to sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T09:36:35.565Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-37991",
"datePublished": "2024-09-10T09:36:35.565Z",
"dateReserved": "2024-06-11T08:32:52.183Z",
"dateUpdated": "2024-09-10T15:09:35.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-37990
Vulnerability from cvelistv5
Published
2024-09-10 09:36
Modified
2024-09-10 15:12
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
7.0 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
7.0 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected applications contain configuration files which can be modified. An attacker with privilege access can modify these files and enable features that are not released for this device.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37990",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:12:00.893655Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T15:12:10.308Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF610R CMIIT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF610R ETSI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF610R FCC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF615R CMIIT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF615R ETSI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF615R FCC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF650R ARIB",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF650R CMIIT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF650R ETSI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF650R FCC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF680R ARIB",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF680R CMIIT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF680R ETSI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF680R FCC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF685R ARIB",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF685R CMIIT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF685R ETSI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF685R FCC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF1140R",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF1170R",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF166C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF185C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF186C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF186CI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF188C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF188CI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF360R",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions \u003c V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions \u003c V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions \u003c V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions \u003c V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions \u003c V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions \u003c V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions \u003c V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions \u003c V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions \u003c V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions \u003c V2.2). The affected applications contain configuration files which can be modified. An attacker with privilege access can modify these files and enable features that are not released for this device."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-912",
"description": "CWE-912: Hidden Functionality",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T09:36:33.772Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-37990",
"datePublished": "2024-09-10T09:36:33.772Z",
"dateReserved": "2024-06-11T08:32:52.183Z",
"dateUpdated": "2024-09-10T15:12:10.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-37992
Vulnerability from cvelistv5
Published
2024-09-10 09:36
Modified
2024-09-10 15:08
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
5.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
5.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected devices does not properly handle the error in case of exceeding characters while setting SNMP leading to the restart of the application.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37992",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:04:53.594332Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T15:08:09.459Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF610R CMIIT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF610R ETSI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF610R FCC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF615R CMIIT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF615R ETSI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF615R FCC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF650R ARIB",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF650R CMIIT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF650R ETSI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF650R FCC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF680R ARIB",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF680R CMIIT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF680R ETSI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF680R FCC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF685R ARIB",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF685R CMIIT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF685R ETSI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF685R FCC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF1140R",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF1170R",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF166C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF185C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF186C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF186CI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF188C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF188CI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF360R",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions \u003c V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions \u003c V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions \u003c V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions \u003c V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions \u003c V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions \u003c V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions \u003c V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions \u003c V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions \u003c V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions \u003c V2.2). The affected devices does not properly handle the error in case of exceeding characters while setting SNMP leading to the restart of the application."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T09:36:37.300Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-37992",
"datePublished": "2024-09-10T09:36:37.300Z",
"dateReserved": "2024-06-11T08:32:52.183Z",
"dateUpdated": "2024-09-10T15:08:09.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-31340
Vulnerability from cvelistv5
Published
2021-06-08 19:47
Modified
2024-08-03 22:55
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC RF166C (All versions > V1.1 and < V1.3.2), SIMATIC RF185C (All versions > V1.1 and < V1.3.2), SIMATIC RF186C (All versions > V1.1 and < V1.3.2), SIMATIC RF186CI (All versions > V1.1 and < V1.3.2), SIMATIC RF188C (All versions > V1.1 and < V1.3.2), SIMATIC RF188CI (All versions > V1.1 and < V1.3.2), SIMATIC RF360R (All versions < V2.0), SIMATIC Reader RF610R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF610R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF610R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF615R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF615R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF615R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF650R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF650R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF650R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF650R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF680R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF680R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF680R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF680R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF685R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF685R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF685R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF685R FCC (All versions > V3.0 < V4.0). Affected devices do not properly handle large numbers of incoming connections. An attacker may leverage this to cause a Denial-of-Service situation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdf | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SIMATIC RF166C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V1.1 and \u003c V1.3.2"
}
]
},
{
"product": "SIMATIC RF185C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V1.1 and \u003c V1.3.2"
}
]
},
{
"product": "SIMATIC RF186C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V1.1 and \u003c V1.3.2"
}
]
},
{
"product": "SIMATIC RF186CI",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V1.1 and \u003c V1.3.2"
}
]
},
{
"product": "SIMATIC RF188C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V1.1 and \u003c V1.3.2"
}
]
},
{
"product": "SIMATIC RF188CI",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V1.1 and \u003c V1.3.2"
}
]
},
{
"product": "SIMATIC RF360R",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0"
}
]
},
{
"product": "SIMATIC Reader RF610R CMIIT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V3.0 \u003c V4.0"
}
]
},
{
"product": "SIMATIC Reader RF610R ETSI",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V3.0 \u003c V4.0"
}
]
},
{
"product": "SIMATIC Reader RF610R FCC",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V3.0 \u003c V4.0"
}
]
},
{
"product": "SIMATIC Reader RF615R CMIIT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V3.0 \u003c V4.0"
}
]
},
{
"product": "SIMATIC Reader RF615R ETSI",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V3.0 \u003c V4.0"
}
]
},
{
"product": "SIMATIC Reader RF615R FCC",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V3.0 \u003c V4.0"
}
]
},
{
"product": "SIMATIC Reader RF650R ARIB",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V3.0 \u003c V4.0"
}
]
},
{
"product": "SIMATIC Reader RF650R CMIIT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V3.0 \u003c V4.0"
}
]
},
{
"product": "SIMATIC Reader RF650R ETSI",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V3.0 \u003c V4.0"
}
]
},
{
"product": "SIMATIC Reader RF650R FCC",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V3.0 \u003c V4.0"
}
]
},
{
"product": "SIMATIC Reader RF680R ARIB",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V3.0 \u003c V4.0"
}
]
},
{
"product": "SIMATIC Reader RF680R CMIIT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V3.0 \u003c V4.0"
}
]
},
{
"product": "SIMATIC Reader RF680R ETSI",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V3.0 \u003c V4.0"
}
]
},
{
"product": "SIMATIC Reader RF680R FCC",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V3.0 \u003c V4.0"
}
]
},
{
"product": "SIMATIC Reader RF685R ARIB",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V3.0 \u003c V4.0"
}
]
},
{
"product": "SIMATIC Reader RF685R CMIIT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V3.0 \u003c V4.0"
}
]
},
{
"product": "SIMATIC Reader RF685R ETSI",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V3.0 \u003c V4.0"
}
]
},
{
"product": "SIMATIC Reader RF685R FCC",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V3.0 \u003c V4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC RF166C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF185C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF186C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF186CI (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF188C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF188CI (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF360R (All versions \u003c V2.0), SIMATIC Reader RF610R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF610R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF610R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF615R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF615R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF615R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R ARIB (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R ARIB (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R ARIB (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R FCC (All versions \u003e V3.0 \u003c V4.0). Affected devices do not properly handle large numbers of incoming connections. An attacker may leverage this to cause a Denial-of-Service situation."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-10T09:46:26",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-31340",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC RF166C",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V1.1 and \u003c V1.3.2"
}
]
}
},
{
"product_name": "SIMATIC RF185C",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V1.1 and \u003c V1.3.2"
}
]
}
},
{
"product_name": "SIMATIC RF186C",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V1.1 and \u003c V1.3.2"
}
]
}
},
{
"product_name": "SIMATIC RF186CI",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V1.1 and \u003c V1.3.2"
}
]
}
},
{
"product_name": "SIMATIC RF188C",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V1.1 and \u003c V1.3.2"
}
]
}
},
{
"product_name": "SIMATIC RF188CI",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V1.1 and \u003c V1.3.2"
}
]
}
},
{
"product_name": "SIMATIC RF360R",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V2.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF610R CMIIT",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V3.0 \u003c V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF610R ETSI",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V3.0 \u003c V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF610R FCC",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V3.0 \u003c V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF615R CMIIT",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V3.0 \u003c V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF615R ETSI",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V3.0 \u003c V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF615R FCC",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V3.0 \u003c V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF650R ARIB",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V3.0 \u003c V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF650R CMIIT",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V3.0 \u003c V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF650R ETSI",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V3.0 \u003c V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF650R FCC",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V3.0 \u003c V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF680R ARIB",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V3.0 \u003c V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF680R CMIIT",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V3.0 \u003c V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF680R ETSI",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V3.0 \u003c V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF680R FCC",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V3.0 \u003c V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF685R ARIB",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V3.0 \u003c V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF685R CMIIT",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V3.0 \u003c V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF685R ETSI",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V3.0 \u003c V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF685R FCC",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V3.0 \u003c V4.0"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC RF166C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF185C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF186C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF186CI (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF188C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF188CI (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF360R (All versions \u003c V2.0), SIMATIC Reader RF610R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF610R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF610R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF615R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF615R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF615R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R ARIB (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R ARIB (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R ARIB (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R FCC (All versions \u003e V3.0 \u003c V4.0). Affected devices do not properly handle large numbers of incoming connections. An attacker may leverage this to cause a Denial-of-Service situation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-31340",
"datePublished": "2021-06-08T19:47:16",
"dateReserved": "2021-04-15T00:00:00",
"dateUpdated": "2024-08-03T22:55:53.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-37993
Vulnerability from cvelistv5
Published
2024-09-10 09:36
Modified
2024-09-10 15:04
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected applications do not authenticated the creation of Ajax2App instances. This could allow an unauthenticated attacker to cause a denial of service condition.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37993",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:04:12.477171Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T15:04:32.084Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF610R CMIIT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF610R ETSI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF610R FCC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF615R CMIIT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF615R ETSI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF615R FCC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF650R ARIB",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF650R CMIIT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF650R ETSI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF650R FCC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF680R ARIB",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF680R CMIIT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF680R ETSI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF680R FCC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF685R ARIB",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF685R CMIIT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF685R ETSI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF685R FCC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF1140R",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF1170R",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF166C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF185C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF186C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF186CI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF188C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF188CI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF360R",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions \u003c V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions \u003c V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions \u003c V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions \u003c V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions \u003c V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions \u003c V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions \u003c V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions \u003c V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions \u003c V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions \u003c V2.2). The affected applications do not authenticated the creation of Ajax2App instances. This could allow an unauthenticated attacker to cause a denial of service condition."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T09:36:39.074Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-37993",
"datePublished": "2024-09-10T09:36:39.074Z",
"dateReserved": "2024-06-11T08:32:52.184Z",
"dateUpdated": "2024-09-10T15:04:32.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-6575
Vulnerability from cvelistv5
Published
2019-04-17 13:40
Modified
2024-08-04 20:23
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions < V5.1.3), SIMATIC NET PC Software V13 (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC RF188C (All versions < V1.1.0), SIMATIC RF600R family (All versions < V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 < V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions < V3.15 P018), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Upd 4), SINEC NMS (All versions < V1.0 SP1), SINEMA Server (All versions < V14 SP2), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions < V3.1.1). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a denial of service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:23:22.041Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SIMATIC CP 443-1 OPC UA",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.7"
}
]
},
{
"product": "SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\" (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V15.1 Upd 4"
}
]
},
{
"product": "SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V15.1 Upd 4"
}
]
},
{
"product": "SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V15.1 Upd 4"
}
]
},
{
"product": "SIMATIC IPC DiagMonitor",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.1.3"
}
]
},
{
"product": "SIMATIC NET PC Software V13",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SIMATIC NET PC Software V14",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V14 SP1 Update 14"
}
]
},
{
"product": "SIMATIC NET PC Software V15",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SIMATIC RF188C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.1.0"
}
]
},
{
"product": "SIMATIC RF600R family",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.1"
}
]
},
{
"product": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V2.5 \u003c V2.6.1"
}
]
},
{
"product": "SIMATIC S7-1500 Software Controller",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions between V2.5 (including) and V2.7 (excluding)"
}
]
},
{
"product": "SIMATIC WinCC OA",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.15 P018"
}
]
},
{
"product": "SIMATIC WinCC Runtime Advanced",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V15.1 Upd 4"
}
]
},
{
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.0 SP1"
}
]
},
{
"product": "SINEMA Server",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V14 SP2"
}
]
},
{
"product": "SINUMERIK OPC UA Server",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.1"
}
]
},
{
"product": "TeleControl Server Basic",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003c V2.7), SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\" (incl. SIPLUS variants) (All versions \u003c V15.1 Upd 4), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants) (All versions \u003c V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions \u003c V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions \u003c V5.1.3), SIMATIC NET PC Software V13 (All versions), SIMATIC NET PC Software V14 (All versions \u003c V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC RF188C (All versions \u003c V1.1.0), SIMATIC RF600R family (All versions \u003c V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003e= V2.5 \u003c V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions \u003c V3.15 P018), SIMATIC WinCC Runtime Advanced (All versions \u003c V15.1 Upd 4), SINEC NMS (All versions \u003c V1.0 SP1), SINEMA Server (All versions \u003c V14 SP2), SINUMERIK OPC UA Server (All versions \u003c V2.1), TeleControl Server Basic (All versions \u003c V3.1.1). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a denial of service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-10T11:16:36",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-6575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC CP 443-1 OPC UA",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V2.7"
}
]
}
},
{
"product_name": "SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\" (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V15.1 Upd 4"
}
]
}
},
{
"product_name": "SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V15.1 Upd 4"
}
]
}
},
{
"product_name": "SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V15.1 Upd 4"
}
]
}
},
{
"product_name": "SIMATIC IPC DiagMonitor",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.1.3"
}
]
}
},
{
"product_name": "SIMATIC NET PC Software V13",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC NET PC Software V14",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V14 SP1 Update 14"
}
]
}
},
{
"product_name": "SIMATIC NET PC Software V15",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC RF188C",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V1.1.0"
}
]
}
},
{
"product_name": "SIMATIC RF600R family",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.2.1"
}
]
}
},
{
"product_name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.5 \u003c V2.6.1"
}
]
}
},
{
"product_name": "SIMATIC S7-1500 Software Controller",
"version": {
"version_data": [
{
"version_value": "All versions between V2.5 (including) and V2.7 (excluding)"
}
]
}
},
{
"product_name": "SIMATIC WinCC OA",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.15 P018"
}
]
}
},
{
"product_name": "SIMATIC WinCC Runtime Advanced",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V15.1 Upd 4"
}
]
}
},
{
"product_name": "SINEC NMS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V1.0 SP1"
}
]
}
},
{
"product_name": "SINEMA Server",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V14 SP2"
}
]
}
},
{
"product_name": "SINUMERIK OPC UA Server",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V2.1"
}
]
}
},
{
"product_name": "TeleControl Server Basic",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.1.1"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003c V2.7), SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\" (incl. SIPLUS variants) (All versions \u003c V15.1 Upd 4), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants) (All versions \u003c V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions \u003c V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions \u003c V5.1.3), SIMATIC NET PC Software V13 (All versions), SIMATIC NET PC Software V14 (All versions \u003c V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC RF188C (All versions \u003c V1.1.0), SIMATIC RF600R family (All versions \u003c V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003e= V2.5 \u003c V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions \u003c V3.15 P018), SIMATIC WinCC Runtime Advanced (All versions \u003c V15.1 Upd 4), SINEC NMS (All versions \u003c V1.0 SP1), SINEMA Server (All versions \u003c V14 SP2), SINUMERIK OPC UA Server (All versions \u003c V2.1), TeleControl Server Basic (All versions \u003c V3.1.1). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a denial of service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-248: Uncaught Exception"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2019-6575",
"datePublished": "2019-04-17T13:40:24",
"dateReserved": "2019-01-22T00:00:00",
"dateUpdated": "2024-08-04T20:23:22.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-6568
Vulnerability from cvelistv5
Published
2019-04-17 13:40
Modified
2024-08-04 20:23
Severity ?
EPSS score ?
Summary
The webserver of the affected devices contains a vulnerability that may lead to
a denial of service condition. An attacker may cause a denial of service
situation which leads to a restart of the webserver of the affected device.
The security vulnerability could be exploited by an attacker with network
access to the affected systems. Successful exploitation requires no system
privileges and no user interaction. An attacker could use the vulnerability
to compromise availability of the device.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:23:22.207Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1604",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1616",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 343-1 Advanced",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 443-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 443-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 443-1 Advanced",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 443-1 OPC UA",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200pro IM154-8 PN/DP CPU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.16"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200pro IM154-8F PN/DP CPU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.16"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200pro IM154-8FX PN/DP CPU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.16"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200S IM151-8 PN/DP CPU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.16"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200S IM151-8F PN/DP CPU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.16"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.1.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.7"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\" (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V15.1 Upd4"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V15.1 Upd4"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V15.1 Upd4"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC IPC DiagMonitor",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.1.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF182C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF185C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.1.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF186C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.1.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF188C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.1.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF600R family",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RFID 181EIP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.6.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 Software Controller",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.7"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 314C-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.16"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 315-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.16"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 315F-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.16"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 315T-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.16"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 317-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.16"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 317F-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.16"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 317T-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.16"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 317TF-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.16"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 319-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.16"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 319F-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.16"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-PLCSIM Advanced",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0 SP1 UPD1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Teleservice Adapter IE Advanced",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Teleservice Adapter IE Basic",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Teleservice Adapter IE Standard",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinAC RTX 2010",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2010 SP3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinAC RTX F 2010",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2010 SP3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC Runtime Advanced",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V15.1 Upd4"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOCODE pro V Ethernet/IP (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.1.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOCODE pro V PROFINET (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.1.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G130 V4.6 Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G130 V4.7 Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G130 V4.7 SP1 Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G130 V4.8 Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.8 HF6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G130 V5.1 Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G130 V5.1 SP1 Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.1 SP1 HF4"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G150 V4.6 Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G150 V4.7 Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G150 V4.7 SP1 Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G150 V4.8 Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.8 HF6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G150 V5.1 Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G150 V5.1 SP1 Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.1 SP1 HF4"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS GH150 V4.7 (Control Unit)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS GH150 V4.8 (Control Unit)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.8 SP2 HF9"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS GL150 V4.7 (Control Unit)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS GL150 V4.8 (Control Unit)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.8 SP2 HF9"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS GM150 V4.7 (Control Unit)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS GM150 V4.8 (Control Unit)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.8 SP2 HF9"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S120 V4.6 Control Unit (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.8 HF6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.1 SP1 HF4"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S150 V4.6 Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S150 V4.7 Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S150 V4.7 SP1 Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S150 V4.8 Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.8 HF6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S150 V5.1 Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S150 V5.1 SP1 Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.1 SP1 HF4"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S210",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.1 SP1 HF8"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS SL150 V4.7 (Control Unit)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7 HF33"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS SL150 V4.8 (Control Unit)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS SM120 V4.7 (Control Unit)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS SM120 V4.8 (Control Unit)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.8 SP2 HF10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS SM150 V4.8 (Control Unit)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200S IM151-8 PN/DP CPU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.16"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200S IM151-8F PN/DP CPU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.16"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET CP 343-1 Advanced",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET CP 443-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET CP 443-1 Advanced",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-300 CPU 314C-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.16"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-300 CPU 315-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.16"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-300 CPU 315F-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.16"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-300 CPU 317-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.16"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-300 CPU 317F-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.16"
}
]
},
{
"defaultStatus": "unknown",
"product": "SITOP Manager",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SITOP PSU8600",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SITOP UPS1600 (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "TIM 1531 IRC (incl. SIPLUS NET variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The webserver of the affected devices contains a vulnerability that may lead to\r\na denial of service condition. An attacker may cause a denial of service\r\nsituation which leads to a restart of the webserver of the affected device.\r\n\r\nThe security vulnerability could be exploited by an attacker with network\r\naccess to the affected systems. Successful exploitation requires no system\r\nprivileges and no user interaction. An attacker could use the vulnerability\r\nto compromise availability of the device."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-09T11:51:03.049Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2019-6568",
"datePublished": "2019-04-17T13:40:24",
"dateReserved": "2019-01-22T00:00:00",
"dateUpdated": "2024-08-04T20:23:22.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-37995
Vulnerability from cvelistv5
Published
2024-09-10 09:36
Modified
2024-09-10 15:09
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected application improperly handles error while a faulty certificate upload leading to crashing of application. This vulnerability could allow an attacker to disclose sensitive information.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37995",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:08:52.987640Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T15:09:02.700Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF610R CMIIT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF610R ETSI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF610R FCC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF615R CMIIT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF615R ETSI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF615R FCC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF650R ARIB",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF650R CMIIT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF650R ETSI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF650R FCC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF680R ARIB",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF680R CMIIT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF680R ETSI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF680R FCC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF685R ARIB",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF685R CMIIT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF685R ETSI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF685R FCC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF1140R",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF1170R",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF166C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF185C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF186C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF186CI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF188C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF188CI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF360R",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions \u003c V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions \u003c V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions \u003c V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions \u003c V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions \u003c V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions \u003c V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions \u003c V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions \u003c V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions \u003c V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions \u003c V2.2). The affected application improperly handles error while a faulty certificate upload leading to crashing of application. This vulnerability could allow an attacker to disclose sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 2.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T09:36:42.714Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-37995",
"datePublished": "2024-09-10T09:36:42.714Z",
"dateReserved": "2024-06-11T08:32:52.184Z",
"dateUpdated": "2024-09-10T15:09:02.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-37994
Vulnerability from cvelistv5
Published
2024-09-10 09:36
Modified
2024-09-10 15:03
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected application contains a hidden configuration item to enable debug functionality. This could allow an attacker to gain insight into the internal configuration of the deployment.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37994",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:03:36.814417Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T15:03:52.417Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF610R CMIIT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF610R ETSI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF610R FCC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF615R CMIIT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF615R ETSI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF615R FCC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF650R ARIB",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF650R CMIIT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF650R ETSI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF650R FCC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF680R ARIB",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF680R CMIIT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF680R ETSI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF680R FCC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF685R ARIB",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF685R CMIIT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF685R ETSI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Reader RF685R FCC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF1140R",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF1170R",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF166C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF185C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF186C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF186CI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF188C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF188CI",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF360R",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions \u003c V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions \u003c V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions \u003c V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions \u003c V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions \u003c V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions \u003c V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions \u003c V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions \u003c V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions \u003c V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions \u003c V2.2). The affected application contains a hidden configuration item to enable debug functionality. This could allow an attacker to gain insight into the internal configuration of the deployment."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-912",
"description": "CWE-912: Hidden Functionality",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T09:36:40.841Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-37994",
"datePublished": "2024-09-10T09:36:40.841Z",
"dateReserved": "2024-06-11T08:32:52.184Z",
"dateUpdated": "2024-09-10T15:03:52.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-202103-1464
Vulnerability from variot
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). OpenSSL is an open source general encryption library of the Openssl team that can implement the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. Description:
Windows Container Support for Red Hat OpenShift allows you to deploy Windows container workloads running on Windows Server containers.
Bug Fix(es):
-
WMCO patch pub-key-hash annotation to Linux node (BZ#1945248)
-
LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath (BZ#1952917)
-
Telemetry info not completely available to identify windows nodes (BZ#1955319)
-
WMCO incorrectly shows node as ready after a failed configuration (BZ#1956412)
-
kube-proxy service terminated unexpectedly after recreated LB service (BZ#1963263)
-
Solution:
For Windows Machine Config Operator upgrades, see the following documentation:
https://docs.openshift.com/container-platform/4.7/windows_containers/window s-node-upgrades.html
- Bugs fixed (https://bugzilla.redhat.com/):
1945248 - WMCO patch pub-key-hash annotation to Linux node 1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM 1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath 1955319 - Telemetry info not completely available to identify windows nodes 1956412 - WMCO incorrectly shows node as ready after a failed configuration 1963263 - kube-proxy service terminated unexpectedly after recreated LB service
- Bugs fixed (https://bugzilla.redhat.com/):
1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve
- JIRA issues fixed (https://issues.jboss.org/):
TRACING-1725 - Elasticsearch operator reports x509 errors communicating with ElasticSearch in OpenShift Service Mesh project
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Security Fix(es):
-
jackson-databind: arbitrary code execution in slf4j-ext class (CVE-2018-14718)
-
jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes (CVE-2018-14719)
-
jackson-databind: improper polymorphic deserialization in axis2-transport-jms class (CVE-2018-19360)
-
jackson-databind: improper polymorphic deserialization in openjpa class (CVE-2018-19361)
-
jackson-databind: improper polymorphic deserialization in jboss-common-core class (CVE-2018-19362)
-
jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379)
-
jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration (CVE-2020-24750)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource (CVE-2020-35490)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource (CVE-2020-35491)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (CVE-2020-35728)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS (CVE-2020-36179)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS (CVE-2020-36180)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS (CVE-2020-36181)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS (CVE-2020-36182)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool (CVE-2020-36183)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource (CVE-2020-36184)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource (CVE-2020-36185)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource (CVE-2020-36186)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource (CVE-2020-36187)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource (CVE-2020-36188)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSourc e (CVE-2020-36189)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing (CVE-2021-20190)
-
jackson-databind: exfiltration/XXE in some JDK classes (CVE-2018-14720)
-
jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class (CVE-2018-14721)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2021:1232
All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1859004 - Sometimes the eventrouter couldn't gather event logs. 1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration 1909266 - CVE-2020-35490 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource 1909269 - CVE-2020-35491 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource 1911502 - CVE-2020-35728 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool 1913871 - CVE-2020-36179 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS 1913872 - CVE-2020-36180 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS 1913874 - CVE-2020-36181 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS 1913926 - CVE-2020-36182 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS 1913927 - CVE-2020-36183 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool 1913928 - CVE-2020-36184 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource 1913929 - CVE-2020-36185 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource 1913931 - CVE-2020-36186 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource 1913933 - CVE-2020-36187 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource 1913934 - CVE-2020-36188 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource 1913937 - CVE-2020-36189 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource 1916633 - CVE-2021-20190 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing 1925361 - [4.6] ClusterLogForwarder namespace-specific log forwarding does not work as expected 1950894 - Placeholder bug for OCP 4.6.0 extras release
Bug fix:
-
RHACM 2.0.10 images (BZ #1940452)
-
Bugs fixed (https://bugzilla.redhat.com/):
1940452 - RHACM 2.0.10 images 1944286 - CVE-2021-23358 nodejs-underscore: Arbitrary code execution via the template function
- Description:
Red Hat Advanced Cluster Management for Kubernetes 2.1.6 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
Bug fixes:
-
RHACM 2.1.6 images (BZ#1940581)
-
When generating the import cluster string, it can include unescaped characters (BZ#1934184)
-
Bugs fixed (https://bugzilla.redhat.com/):
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1929338 - CVE-2020-35149 mquery: Code injection via merge or clone operation 1934184 - When generating the import cluster string, it can include unescaped characters 1940581 - RHACM 2.1.6 images
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP7 security update Advisory ID: RHSA-2021:1199-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2021:1199 Issue date: 2021-04-14 CVE Names: CVE-2021-3449 CVE-2021-3450 ==================================================================== 1. Summary:
Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss Core Services on RHEL 7 Server - noarch, ppc64, x86_64
- Description:
This release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 6 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.
Security fix(es):
- openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449)
- openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT 1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing
- Package List:
Red Hat JBoss Core Services on RHEL 7 Server:
Source: jbcs-httpd24-httpd-2.4.37-70.jbcs.el7.src.rpm jbcs-httpd24-mod_cluster-native-1.3.14-20.Final_redhat_2.jbcs.el7.src.rpm jbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.src.rpm jbcs-httpd24-mod_jk-1.2.48-13.redhat_1.jbcs.el7.src.rpm jbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.src.rpm jbcs-httpd24-mod_security-2.9.2-60.GA.jbcs.el7.src.rpm jbcs-httpd24-nghttp2-1.39.2-37.jbcs.el7.src.rpm jbcs-httpd24-openssl-1.1.1g-6.jbcs.el7.src.rpm jbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.src.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.src.rpm
noarch: jbcs-httpd24-httpd-manual-2.4.37-70.jbcs.el7.noarch.rpm
ppc64: jbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.7-14.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_md-debuginfo-2.0.8-33.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-5.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-20.jbcs.el7.ppc64.rpm
x86_64: jbcs-httpd24-httpd-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_cluster-native-1.3.14-20.Final_redhat_2.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_cluster-native-debuginfo-1.3.14-20.Final_redhat_2.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.7-14.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_jk-debuginfo-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_jk-manual-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_md-debuginfo-2.0.8-33.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_security-2.9.2-60.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.2-60.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_session-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-nghttp2-1.39.2-37.jbcs.el7.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.39.2-37.jbcs.el7.x86_64.rpm jbcs-httpd24-nghttp2-devel-1.39.2-37.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-1.1.1g-6.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-5.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.1.1g-6.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-devel-1.1.1g-6.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-libs-1.1.1g-6.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-perl-1.1.1g-6.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-20.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-static-1.1.1g-6.jbcs.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYHcQ4tzjgjWX9erEAQg5Zg/9FciPflU5YnbBIktqUgZAzkgIaZf3cp/A vYQu1D/5oRwfvcdbhtzgYBVB5Ha+Ut1QQRHix/3QkD2v4+pF2eAnfe6TN2ftgKyJ Qw1oOs0HGdUzSkxboZESkTGiSmaCLT7fn7dHvJ1cH0rfQx7ngYRPGLPAbSHqOaQZ gkRYTZGl+jBG/a91XBMoa+QRFT0+yQX4ps2oEGiMWZMIfWOrC4iU9NnudR1CDGE7 SWzDmjAIKP2xjfi6UVwTuuq64ROju9ginT5KPwj42Btfatnj6nTF4CIoWyfBm9LK CLBXeJOfjQUB/vjiTeLh47d1rMt7H5Jjck8imL6nfdAkzG+SKQA3yxjHztdmEFyX aDQR6T5X2lPBPdtHE0qaunS5lb/XRWh7xTQ3k34iTYvIN2wd2KqP78TwXSMEKWlV ddGQul2vakBXn4C2waTvuJE6JvvwS4Q8zQ1plpW1uOuGIRn1XAxJWV+Wkmt5eBg6 AbyXUMM7pLKiUNP1L0k7nKKx5Ta3HlnpvOpXMDlvccxwEAWoVqZ+nrmUe9bG67DK 1yEp/DR/XpKLPjCwBEW+i+nZUSpTyKe3+J962KoSJ/HISVRZaicBmGiQDCKCEbPr hnhoDO+7Y0A1GlmAd3ZkHu+k97louMpIkRsghdZ7el3D1Hx2EhP/HSQqHI5QCyMl qQeHglPylHU=m11c -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-1464",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic pdm",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "9.1.0.7"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.14.0"
},
{
"model": "scalance w700",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "6.5"
},
{
"model": "multi-domain management",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "r81"
},
{
"model": "web gateway cloud service",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "10.1.1"
},
{
"model": "simatic logon",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.5"
},
{
"model": "web gateway cloud service",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "9.2.10"
},
{
"model": "log correlation engine",
"scope": "lt",
"trust": 1.0,
"vendor": "tenable",
"version": "6.0.9"
},
{
"model": "simatic mv500",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic net cp1243-7 lte eu",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.3.1.2"
},
{
"model": "primavera unifier",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.3.5"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "12.2"
},
{
"model": "tenable.sc",
"scope": "gte",
"trust": 1.0,
"vendor": "tenable",
"version": "5.13.0"
},
{
"model": "simatic pcs neo",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance s602",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.12.0"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.24.0"
},
{
"model": "simatic rf185c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinec infrastructure network services",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.1.1"
},
{
"model": "nessus",
"scope": "lte",
"trust": 1.0,
"vendor": "tenable",
"version": "8.13.1"
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.11.0"
},
{
"model": "mysql server",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.15"
},
{
"model": "openssl",
"scope": "lt",
"trust": 1.0,
"vendor": "openssl",
"version": "1.1.1k"
},
{
"model": "primavera unifier",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"model": "simatic net cp 1543sp-1",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1"
},
{
"model": "zfs storage appliance kit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.8"
},
{
"model": "sinamics connect 300",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.12.1"
},
{
"model": "tim 1531 irc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "scalance s623",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1"
},
{
"model": "simatic net cp 1243-8 irc",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "essbase",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.2"
},
{
"model": "simatic net cp1243-7 lte us",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "sinec nms",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "sinema server",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "scalance m-800",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "6.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "simatic rf166c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "simatic s7-1200 cpu 1215 fc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic cp 1242-7 gprs v2",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "simatic hmi basic panels 2nd generation",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic rf186c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.0.0"
},
{
"model": "simatic s7-1200 cpu 1211c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.6.0"
},
{
"model": "ruggedcom rcm1224",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "6.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.58"
},
{
"model": "sma100",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.0-17sv"
},
{
"model": "scalance sc-600",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.57"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "10.1.1"
},
{
"model": "simatic rf186ci",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "9.2.10"
},
{
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.1.1"
},
{
"model": "communications communications policy management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.0.0.0"
},
{
"model": "simatic process historian opc ua server",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2019"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.0.0"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.12"
},
{
"model": "simatic rf188ci",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic net cp 1545-1",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.0.2"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.13.0"
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.23"
},
{
"model": "simatic net cp 1543-1",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "scalance lpe9403",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic net cp 1243-1",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "scalance s615",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "6.2"
},
{
"model": "simatic net cp 1543-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.13.0"
},
{
"model": "scalance xb-200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "scalance xf-200ba",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "simatic cloud connect 7",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1"
},
{
"model": "secure backup",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1.0.1.0"
},
{
"model": "simatic hmi comfort outdoor panels",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic s7-1200 cpu 1215c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance s627-2m",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1"
},
{
"model": "tenable.sc",
"scope": "lte",
"trust": 1.0,
"vendor": "tenable",
"version": "5.17.0"
},
{
"model": "simatic s7-1200 cpu 1214c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.33"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.12.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.15.0"
},
{
"model": "cloud volumes ontap mediator",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "simatic cloud connect 7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.13.0"
},
{
"model": "simatic rf360r",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "tim 1531 irc",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "simatic logon",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "1.6.0.2"
},
{
"model": "sinec pni",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "scalance xr524-8c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.4"
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.12.0"
},
{
"model": "jd edwards world security",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "a9.4"
},
{
"model": "simatic s7-1200 cpu 1212c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinumerik opc ua server",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xm-400",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.4"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12"
},
{
"model": "simatic s7-1500 cpu 1518-4 pn\\/dp mfp",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "tia administrator",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "15.14.0"
},
{
"model": "e-series performance analyzer",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "simatic s7-1200 cpu 1214 fc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "mysql connectors",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.23"
},
{
"model": "scalance xc-200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "quantum security gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "r80.40"
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.11.1"
},
{
"model": "quantum security management",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "r80.40"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.2.19"
},
{
"model": "active iq unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "sonicos",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "7.0.1.0"
},
{
"model": "scalance xp-200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "scalance xr-300wg",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "simatic hmi ktp mobile panels",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "ontap select deploy administration utility",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "quantum security gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "r81"
},
{
"model": "quantum security management",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "r81"
},
{
"model": "simatic wincc telecontrol",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "15.0.0"
},
{
"model": "scalance s612",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1"
},
{
"model": "simatic net cp 1542sp-1 irc",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1"
},
{
"model": "santricity smi-s provider",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "scalance xr528-6m",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.4"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.22.1"
},
{
"model": "sma100",
"scope": "gte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.0"
},
{
"model": "snapcenter",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "web gateway cloud service",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.2.19"
},
{
"model": "mysql workbench",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.23"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.59"
},
{
"model": "capture client",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "3.5"
},
{
"model": "scalance xr552-12",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.4"
},
{
"model": "simatic pcs 7 telecontrol",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic rf188c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "enterprise manager for storage management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"model": "scalance xr526-8c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.4"
},
{
"model": "scalance w1700",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "simatic s7-1200 cpu 1217c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.0.0"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.16.1"
},
{
"model": "storagegrid",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "simatic s7-1200 cpu 1212fc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic cp 1242-7 gprs v2",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "multi-domain management",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "r80.40"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "163257"
},
{
"db": "PACKETSTORM",
"id": "163267"
},
{
"db": "PACKETSTORM",
"id": "163276"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162383"
},
{
"db": "PACKETSTORM",
"id": "162337"
},
{
"db": "PACKETSTORM",
"id": "162196"
},
{
"db": "PACKETSTORM",
"id": "162201"
}
],
"trust": 0.8
},
"cve": "CVE-2021-3449",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2021-3449",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-388130",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2021-3449",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-3449",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-388130",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388130"
},
{
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). OpenSSL is an open source general encryption library of the Openssl team that can implement the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. Description:\n\nWindows Container Support for Red Hat OpenShift allows you to deploy\nWindows container workloads running on Windows Server containers. \n\nBug Fix(es):\n\n* WMCO patch pub-key-hash annotation to Linux node (BZ#1945248)\n\n* LoadBalancer Service type with invalid external loadbalancer IP breaks\nthe datapath (BZ#1952917)\n\n* Telemetry info not completely available to identify windows nodes\n(BZ#1955319)\n\n* WMCO incorrectly shows node as ready after a failed configuration\n(BZ#1956412)\n\n* kube-proxy service terminated unexpectedly after recreated LB service\n(BZ#1963263)\n\n3. Solution:\n\nFor Windows Machine Config Operator upgrades, see the following\ndocumentation:\n\nhttps://docs.openshift.com/container-platform/4.7/windows_containers/window\ns-node-upgrades.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1945248 - WMCO patch pub-key-hash annotation to Linux node\n1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don\u0027t create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM\n1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath\n1955319 - Telemetry info not completely available to identify windows nodes\n1956412 - WMCO incorrectly shows node as ready after a failed configuration\n1963263 - kube-proxy service terminated unexpectedly after recreated LB service\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers\n1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nTRACING-1725 - Elasticsearch operator reports x509 errors communicating with ElasticSearch in OpenShift Service Mesh project\n\n6. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nSecurity Fix(es):\n\n* jackson-databind: arbitrary code execution in slf4j-ext class\n(CVE-2018-14718)\n\n* jackson-databind: arbitrary code execution in blaze-ds-opt and\nblaze-ds-core classes (CVE-2018-14719)\n\n* jackson-databind: improper polymorphic deserialization in\naxis2-transport-jms class (CVE-2018-19360)\n\n* jackson-databind: improper polymorphic deserialization in openjpa class\n(CVE-2018-19361)\n\n* jackson-databind: improper polymorphic deserialization in\njboss-common-core class (CVE-2018-19362)\n\n* jackson-databind: default typing mishandling leading to remote code\nexecution (CVE-2019-14379)\n\n* jackson-databind: Serialization gadgets in\ncom.pastdev.httpcomponents.configuration.JndiConfiguration (CVE-2020-24750)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.apache.commons.dbcp2.datasources.PerUserPoolDataSource (CVE-2020-35490)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.apache.commons.dbcp2.datasources.SharedPoolDataSource (CVE-2020-35491)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\ncom.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool\n(CVE-2020-35728)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\noadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS (CVE-2020-36179)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS (CVE-2020-36180)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS (CVE-2020-36181)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS (CVE-2020-36182)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool (CVE-2020-36183)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource\n(CVE-2020-36184)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource\n(CVE-2020-36185)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource\n(CVE-2020-36186)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource\n(CVE-2020-36187)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\ncom.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource\n(CVE-2020-36188)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\ncom.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSourc\ne (CVE-2020-36189)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to javax.swing (CVE-2021-20190)\n\n* jackson-databind: exfiltration/XXE in some JDK classes (CVE-2018-14720)\n\n* jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n(CVE-2018-14721)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class\n1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes\n1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes\n1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class\n1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class\n1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. \n1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration\n1909266 - CVE-2020-35490 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource\n1909269 - CVE-2020-35491 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource\n1911502 - CVE-2020-35728 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool\n1913871 - CVE-2020-36179 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS\n1913872 - CVE-2020-36180 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS\n1913874 - CVE-2020-36181 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS\n1913926 - CVE-2020-36182 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS\n1913927 - CVE-2020-36183 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool\n1913928 - CVE-2020-36184 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource\n1913929 - CVE-2020-36185 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource\n1913931 - CVE-2020-36186 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource\n1913933 - CVE-2020-36187 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource\n1913934 - CVE-2020-36188 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource\n1913937 - CVE-2020-36189 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource\n1916633 - CVE-2021-20190 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing\n1925361 - [4.6] ClusterLogForwarder namespace-specific log forwarding does not work as expected\n1950894 - Placeholder bug for OCP 4.6.0 extras release\n\n5. \n\nBug fix:\n\n* RHACM 2.0.10 images (BZ #1940452)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1940452 - RHACM 2.0.10 images\n1944286 - CVE-2021-23358 nodejs-underscore: Arbitrary code execution via the template function\n\n5. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.1.6 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nBug fixes:\n\n* RHACM 2.1.6 images (BZ#1940581)\n\n* When generating the import cluster string, it can include unescaped\ncharacters (BZ#1934184)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1929338 - CVE-2020-35149 mquery: Code injection via merge or clone operation\n1934184 - When generating the import cluster string, it can include unescaped characters\n1940581 - RHACM 2.1.6 images\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP7 security update\nAdvisory ID: RHSA-2021:1199-01\nProduct: Red Hat JBoss Core Services\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1199\nIssue date: 2021-04-14\nCVE Names: CVE-2021-3449 CVE-2021-3450\n====================================================================\n1. Summary:\n\nUpdated packages that provide Red Hat JBoss Core Services Pack Apache\nServer 2.4.37 and fix several bugs, and add various enhancements are now\navailable for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Core Services on RHEL 7 Server - noarch, ppc64, x86_64\n\n3. Description:\n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages\nthat are part of the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.37 Service Pack 6 and includes bug fixes and\nenhancements. Refer to the Release Notes for information on the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity fix(es):\n\n* openssl: NULL pointer dereference in signature_algorithms processing\n(CVE-2021-3449)\n* openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT\n(CVE-2021-3450)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT\n1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing\n\n6. Package List:\n\nRed Hat JBoss Core Services on RHEL 7 Server:\n\nSource:\njbcs-httpd24-httpd-2.4.37-70.jbcs.el7.src.rpm\njbcs-httpd24-mod_cluster-native-1.3.14-20.Final_redhat_2.jbcs.el7.src.rpm\njbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.src.rpm\njbcs-httpd24-mod_jk-1.2.48-13.redhat_1.jbcs.el7.src.rpm\njbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.src.rpm\njbcs-httpd24-mod_security-2.9.2-60.GA.jbcs.el7.src.rpm\njbcs-httpd24-nghttp2-1.39.2-37.jbcs.el7.src.rpm\njbcs-httpd24-openssl-1.1.1g-6.jbcs.el7.src.rpm\njbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.src.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.src.rpm\n\nnoarch:\njbcs-httpd24-httpd-manual-2.4.37-70.jbcs.el7.noarch.rpm\n\nppc64:\njbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_http2-debuginfo-1.15.7-14.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_md-debuginfo-2.0.8-33.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-chil-debuginfo-1.0.0-5.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-20.jbcs.el7.ppc64.rpm\n\nx86_64:\njbcs-httpd24-httpd-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-devel-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-selinux-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-tools-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_cluster-native-1.3.14-20.Final_redhat_2.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_cluster-native-debuginfo-1.3.14-20.Final_redhat_2.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_http2-debuginfo-1.15.7-14.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_jk-debuginfo-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_jk-manual-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_ldap-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_md-debuginfo-2.0.8-33.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_proxy_html-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_security-2.9.2-60.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.2-60.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_session-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_ssl-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-nghttp2-1.39.2-37.jbcs.el7.x86_64.rpm\njbcs-httpd24-nghttp2-debuginfo-1.39.2-37.jbcs.el7.x86_64.rpm\njbcs-httpd24-nghttp2-devel-1.39.2-37.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-1.1.1g-6.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-chil-debuginfo-1.0.0-5.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.1.1g-6.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-devel-1.1.1g-6.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-libs-1.1.1g-6.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-perl-1.1.1g-6.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-20.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-static-1.1.1g-6.jbcs.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-3450\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYHcQ4tzjgjWX9erEAQg5Zg/9FciPflU5YnbBIktqUgZAzkgIaZf3cp/A\nvYQu1D/5oRwfvcdbhtzgYBVB5Ha+Ut1QQRHix/3QkD2v4+pF2eAnfe6TN2ftgKyJ\nQw1oOs0HGdUzSkxboZESkTGiSmaCLT7fn7dHvJ1cH0rfQx7ngYRPGLPAbSHqOaQZ\ngkRYTZGl+jBG/a91XBMoa+QRFT0+yQX4ps2oEGiMWZMIfWOrC4iU9NnudR1CDGE7\nSWzDmjAIKP2xjfi6UVwTuuq64ROju9ginT5KPwj42Btfatnj6nTF4CIoWyfBm9LK\nCLBXeJOfjQUB/vjiTeLh47d1rMt7H5Jjck8imL6nfdAkzG+SKQA3yxjHztdmEFyX\naDQR6T5X2lPBPdtHE0qaunS5lb/XRWh7xTQ3k34iTYvIN2wd2KqP78TwXSMEKWlV\nddGQul2vakBXn4C2waTvuJE6JvvwS4Q8zQ1plpW1uOuGIRn1XAxJWV+Wkmt5eBg6\nAbyXUMM7pLKiUNP1L0k7nKKx5Ta3HlnpvOpXMDlvccxwEAWoVqZ+nrmUe9bG67DK\n1yEp/DR/XpKLPjCwBEW+i+nZUSpTyKe3+J962KoSJ/HISVRZaicBmGiQDCKCEbPr\nhnhoDO+7Y0A1GlmAd3ZkHu+k97louMpIkRsghdZ7el3D1Hx2EhP/HSQqHI5QCyMl\nqQeHglPylHU=m11c\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-3449"
},
{
"db": "VULHUB",
"id": "VHN-388130"
},
{
"db": "PACKETSTORM",
"id": "163257"
},
{
"db": "PACKETSTORM",
"id": "163267"
},
{
"db": "PACKETSTORM",
"id": "163276"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162383"
},
{
"db": "PACKETSTORM",
"id": "162337"
},
{
"db": "PACKETSTORM",
"id": "162196"
},
{
"db": "PACKETSTORM",
"id": "162201"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-3449",
"trust": 1.9
},
{
"db": "TENABLE",
"id": "TNS-2021-06",
"trust": 1.1
},
{
"db": "TENABLE",
"id": "TNS-2021-09",
"trust": 1.1
},
{
"db": "TENABLE",
"id": "TNS-2021-05",
"trust": 1.1
},
{
"db": "TENABLE",
"id": "TNS-2021-10",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/03/28/3",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/03/27/2",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/03/28/4",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/03/27/1",
"trust": 1.1
},
{
"db": "SIEMENS",
"id": "SSA-772220",
"trust": 1.1
},
{
"db": "SIEMENS",
"id": "SSA-389290",
"trust": 1.1
},
{
"db": "PULSESECURE",
"id": "SA44845",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10356",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "163257",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162350",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162383",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162337",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162196",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162201",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162197",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162114",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162076",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162041",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162013",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162183",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162699",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162151",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162189",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162172",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161984",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162307",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162200",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-99170",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-388130",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163267",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163276",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388130"
},
{
"db": "PACKETSTORM",
"id": "163257"
},
{
"db": "PACKETSTORM",
"id": "163267"
},
{
"db": "PACKETSTORM",
"id": "163276"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162383"
},
{
"db": "PACKETSTORM",
"id": "162337"
},
{
"db": "PACKETSTORM",
"id": "162196"
},
{
"db": "PACKETSTORM",
"id": "162201"
},
{
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"id": "VAR-202103-1464",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-388130"
}
],
"trust": 0.69085685
},
"last_update_date": "2024-09-19T22:06:59.925000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388130"
},
{
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-openssl-2021-ghy28djd"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf"
},
{
"trust": 1.1,
"url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44845"
},
{
"trust": 1.1,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0013"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
},
{
"trust": 1.1,
"url": "https://www.openssl.org/news/secadv/20210325.txt"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2021-05"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2021-06"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2021-09"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2021-10"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2021/dsa-4875"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202103-03"
},
{
"trust": 1.1,
"url": "https://security.freebsd.org/advisories/freebsd-sa-21:07.openssl.asc"
},
{
"trust": 1.1,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/03/27/1"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/03/27/2"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/03/28/3"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/03/28/4"
},
{
"trust": 1.0,
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=fb9fa6b51defd48157eeb207f52181f735d96148"
},
{
"trust": 1.0,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10356"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ccbfllvqvilivgzmbjl3ixzgkwqisynp/"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"trust": 0.8,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-3449"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-3450"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3450"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-20305"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20305"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-25013"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29362"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-29361"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-2708"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-8286"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8284"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-28196"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-15358"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-8927"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2017-14502"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-29362"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-8285"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-29363"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-9169"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27618"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8927"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3842"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-13434"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13776"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-10228"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29363"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-24977"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-3842"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-13776"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-8231"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3326"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8231"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-27219"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-8284"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24977"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29361"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-27618"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28196"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28362"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-28362"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27219"
},
{
"trust": 0.2,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26116"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-23336"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhb"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3114"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-26116"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-27619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23336"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3177"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27363"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3347"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-28374"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-27364"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-26708"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27365"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0466"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-27152"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-27363"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27152"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3347"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-27365"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-0466"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27364"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28374"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-26708"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10356"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ccbfllvqvilivgzmbjl3ixzgkwqisynp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25736"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2130"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/windows_containers/window"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3326"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25736"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2532"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3114"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28500"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28500"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13949"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2543"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13949"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23337"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36189"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-19360"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36188"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14718"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20190"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36179"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36185"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35490"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36180"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35491"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35490"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35728"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36180"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36181"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36186"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24750"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36187"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-19362"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36188"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14721"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36179"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36182"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36185"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36186"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36187"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36189"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1230"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36184"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36181"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36184"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20190"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2021:1232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-19361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35728"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14379"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23358"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23358"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1448"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3121"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1369"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3121"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35149"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35149"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1199"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1202"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388130"
},
{
"db": "PACKETSTORM",
"id": "163257"
},
{
"db": "PACKETSTORM",
"id": "163267"
},
{
"db": "PACKETSTORM",
"id": "163276"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162383"
},
{
"db": "PACKETSTORM",
"id": "162337"
},
{
"db": "PACKETSTORM",
"id": "162196"
},
{
"db": "PACKETSTORM",
"id": "162201"
},
{
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-388130"
},
{
"db": "PACKETSTORM",
"id": "163257"
},
{
"db": "PACKETSTORM",
"id": "163267"
},
{
"db": "PACKETSTORM",
"id": "163276"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162383"
},
{
"db": "PACKETSTORM",
"id": "162337"
},
{
"db": "PACKETSTORM",
"id": "162196"
},
{
"db": "PACKETSTORM",
"id": "162201"
},
{
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-25T00:00:00",
"db": "VULHUB",
"id": "VHN-388130"
},
{
"date": "2021-06-23T15:44:15",
"db": "PACKETSTORM",
"id": "163257"
},
{
"date": "2021-06-23T16:08:25",
"db": "PACKETSTORM",
"id": "163267"
},
{
"date": "2021-06-24T17:54:53",
"db": "PACKETSTORM",
"id": "163276"
},
{
"date": "2021-04-27T15:37:46",
"db": "PACKETSTORM",
"id": "162350"
},
{
"date": "2021-04-29T14:37:49",
"db": "PACKETSTORM",
"id": "162383"
},
{
"date": "2021-04-26T19:21:56",
"db": "PACKETSTORM",
"id": "162337"
},
{
"date": "2021-04-15T13:49:54",
"db": "PACKETSTORM",
"id": "162196"
},
{
"date": "2021-04-15T13:50:39",
"db": "PACKETSTORM",
"id": "162201"
},
{
"date": "2021-03-25T15:15:13.450000",
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-388130"
},
{
"date": "2024-06-21T19:15:19.710000",
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat Security Advisory 2021-2130-01",
"sources": [
{
"db": "PACKETSTORM",
"id": "163257"
}
],
"trust": 0.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "163276"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162383"
}
],
"trust": 0.3
}
}
var-202106-1490
Vulnerability from variot
A vulnerability has been identified in SIMATIC RF166C (All versions > V1.1 and < V1.3.2), SIMATIC RF185C (All versions > V1.1 and < V1.3.2), SIMATIC RF186C (All versions > V1.1 and < V1.3.2), SIMATIC RF186CI (All versions > V1.1 and < V1.3.2), SIMATIC RF188C (All versions > V1.1 and < V1.3.2), SIMATIC RF188CI (All versions > V1.1 and < V1.3.2), SIMATIC RF360R (All versions < V2.0), SIMATIC Reader RF610R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF610R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF610R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF615R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF615R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF615R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF650R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF650R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF650R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF650R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF680R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF680R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF680R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF680R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF685R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF685R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF685R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF685R FCC (All versions > V3.0 < V4.0). Affected devices do not properly handle large numbers of incoming connections. An attacker may leverage this to cause a Denial-of-Service situation. plural SIMATIC The product contains a resource depletion vulnerability.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-1490",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic reader rf610r fcc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.0"
},
{
"model": "simatic reader rf685r etsi",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "simatic reader rf615r etsi",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.0"
},
{
"model": "simatic reader rf650r cmiit",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "simatic reader rf650r fcc",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "simatic reader rf685r cmiit",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "simatic rf188ci",
"scope": "gt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1"
},
{
"model": "simatic reader rf680r fcc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.0"
},
{
"model": "simatic reader rf610r cmiit",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.0"
},
{
"model": "simatic reader rf680r cmiit",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.0"
},
{
"model": "simatic reader rf680r arib",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.0"
},
{
"model": "simatic rf186c",
"scope": "gt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1"
},
{
"model": "simatic rf360r",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "simatic reader rf615r cmiit",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "simatic reader rf615r fcc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.0"
},
{
"model": "simatic reader rf685r etsi",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.0"
},
{
"model": "simatic reader rf685r arib",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.0"
},
{
"model": "simatic rf166c",
"scope": "gt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1"
},
{
"model": "simatic rf186ci",
"scope": "gt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1"
},
{
"model": "simatic reader rf680r etsi",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "simatic reader rf650r etsi",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "simatic reader rf610r etsi",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "simatic rf185c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.3.2"
},
{
"model": "simatic reader rf650r arib",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "simatic rf188c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.3.2"
},
{
"model": "simatic reader rf650r cmiit",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.0"
},
{
"model": "simatic reader rf685r fcc",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "simatic reader rf650r fcc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.0"
},
{
"model": "simatic reader rf610r fcc",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "simatic rf188ci",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.3.2"
},
{
"model": "simatic reader rf615r cmiit",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.0"
},
{
"model": "simatic reader rf615r etsi",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "simatic reader rf685r cmiit",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.0"
},
{
"model": "simatic reader rf650r etsi",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.0"
},
{
"model": "simatic reader rf610r cmiit",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "simatic reader rf680r arib",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "simatic reader rf680r etsi",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.0"
},
{
"model": "simatic rf186ci",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.3.2"
},
{
"model": "simatic reader rf610r etsi",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.0"
},
{
"model": "simatic rf188c",
"scope": "gt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1"
},
{
"model": "simatic rf186c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.3.2"
},
{
"model": "simatic reader rf615r fcc",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "simatic rf185c",
"scope": "gt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1"
},
{
"model": "simatic reader rf685r arib",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "simatic reader rf650r arib",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.0"
},
{
"model": "simatic reader rf680r cmiit",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "simatic rf166c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.3.2"
},
{
"model": "simatic reader rf680r fcc",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "simatic reader rf685r fcc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.0"
},
{
"model": "simatic rf185c",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic rf360r",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic rf685r",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic rf188ci",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic rf680r",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic rf186ci",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic rf188c",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic rf615r",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic rf186c",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic rf166c",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008155"
},
{
"db": "NVD",
"id": "CVE-2021-31340"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported this vulnerability to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-475"
}
],
"trust": 0.6
},
"cve": "CVE-2021-31340",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-31340",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-31340",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-31340",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-31340",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-31340",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202106-475",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-31340",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-31340"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008155"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-475"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-31340"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SIMATIC RF166C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF185C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF186C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF186CI (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF188C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF188CI (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF360R (All versions \u003c V2.0), SIMATIC Reader RF610R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF610R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF610R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF615R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF615R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF615R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R ARIB (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R ARIB (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R ARIB (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R FCC (All versions \u003e V3.0 \u003c V4.0). Affected devices do not properly handle large numbers of incoming connections. An attacker may leverage this to cause a Denial-of-Service situation. plural SIMATIC The product contains a resource depletion vulnerability.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-31340"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008155"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-31340"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-31340",
"trust": 3.3
},
{
"db": "SIEMENS",
"id": "SSA-787292",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-21-159-13",
"trust": 1.5
},
{
"db": "JVN",
"id": "JVNVU95781418",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008155",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021061004",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202106-475",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-31340",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-31340"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008155"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-475"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-31340"
}
]
},
"id": "VAR-202106-1490",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5248015850000001
},
"last_update_date": "2024-08-14T12:50:24.769000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-787292",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdf"
},
{
"title": "Siemens SIMATIC Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=154812"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=4afce23c1d098bd5a98b3faa63307634"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-31340"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008155"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-475"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.0
},
{
"problemtype": "Resource exhaustion (CWE-400) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008155"
},
{
"db": "NVD",
"id": "CVE-2021-31340"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdf"
},
{
"trust": 0.9,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-159-13"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95781418/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31340"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021061004"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/simatic-rfid-readers-overload-via-incoming-connections-35642"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-13"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-31340"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008155"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-475"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-31340"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-31340"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008155"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-475"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-31340"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-08T00:00:00",
"db": "VULMON",
"id": "CVE-2021-31340"
},
{
"date": "2022-03-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-008155"
},
{
"date": "2021-06-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-475"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-06-08T20:15:08.853000",
"db": "NVD",
"id": "CVE-2021-31340"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-12T00:00:00",
"db": "VULMON",
"id": "CVE-2021-31340"
},
{
"date": "2022-03-04T08:56:00",
"db": "JVNDB",
"id": "JVNDB-2021-008155"
},
{
"date": "2022-05-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-475"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-10-06T17:28:44.817000",
"db": "NVD",
"id": "CVE-2021-31340"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-475"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0SIMATIC\u00a0 Resource depletion vulnerability in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008155"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-475"
}
],
"trust": 0.6
}
}
var-202409-0241
Vulnerability from variot
A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected devices does not properly handle the error in case of exceeding characters while setting SNMP leading to the restart of the application. SIMATIC RF360R firmware, simatic rf1170r firmware, simatic rf1140r Multiple Siemens products such as firmware have unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. SIMATIC RF600 Readers are used for contactless identification of various objects, such as transport containers, pallets, production goods or generally for recording bulk goods. SIMATIC RF1100 is an RFID-based solution for simple and universal electronic authorization management. The SIMATIC RF360R reader expands the SIMATIC RFID300 RFID system with a compact reader with an integrated Industrial Ethernet interface.
Siemens SIMATIC RFID Readers have a mishandling vulnerability that can be exploited by an attacker to cause the application to restart
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202409-0241",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic rf166c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic reader rf650r fcc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf685r fcc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf685r cmiit",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf680r cmiit",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf650r arib",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic rf1170r",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1"
},
{
"model": "simatic reader rf615r cmiit",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic rf188ci",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic rf1140r",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1"
},
{
"model": "simatic rf188c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic rf186ci",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic rf186c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic rf185c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic reader rf680r arib",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf650r etsi",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf610r etsi",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf650r cmiit",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic rf360r",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic reader rf615r etsi",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf610r cmiit",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf680r fcc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf685r etsi",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf615r fcc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf680r etsi",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf610r fcc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf685r arib",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf650r arib",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf650r etsi",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf685r etsi",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf615r fcc",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf610r etsi",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf610r fcc",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf650r fcc",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic rf1140r",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic rf1170r",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic rf360r",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf615r etsi",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf680r arib",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf685r arib",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf615r cmiit",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf680r cmiit",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf680r etsi",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf685r fcc",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf650r cmiit",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf680r fcc",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf685r cmiit",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic rf166c",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
},
{
"model": "simatic rf185c",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
},
{
"model": "simatic rf186c",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
},
{
"model": "simatic rf186ci",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
},
{
"model": "simatic rf188c",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
},
{
"model": "simatic rf188ci",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
},
{
"model": "simatic reader rf610r cmiit",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf610r etsi",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf610r fcc",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf615r cmiit",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf615r etsi",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf615r fcc",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf650r arib",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf650r cmiit",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf650r etsi",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf650r fcc",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf680r arib",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf680r cmiit",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf680r etsi",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf680r fcc",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf685r arib",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf685r cmiit",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf685r etsi",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf685r fcc",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic rf1140r",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v1.1"
},
{
"model": "simatic rf1170r",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v1.1"
},
{
"model": "simatic rf360r",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38009"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008454"
},
{
"db": "NVD",
"id": "CVE-2024-37992"
}
]
},
"cve": "CVE-2024-37992",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.4,
"id": "CNVD-2024-38009",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2024-37992",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "productcert@siemens.com",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.2,
"id": "CVE-2024-37992",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2024-37992",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-37992",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "productcert@siemens.com",
"id": "CVE-2024-37992",
"trust": 1.0,
"value": "Medium"
},
{
"author": "NVD",
"id": "CVE-2024-37992",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2024-38009",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38009"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008454"
},
{
"db": "NVD",
"id": "CVE-2024-37992"
},
{
"db": "NVD",
"id": "CVE-2024-37992"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions \u003c V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions \u003c V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions \u003c V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions \u003c V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions \u003c V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions \u003c V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions \u003c V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions \u003c V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions \u003c V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions \u003c V2.2). The affected devices does not properly handle the error in case of exceeding characters while setting SNMP leading to the restart of the application. SIMATIC RF360R firmware, simatic rf1170r firmware, simatic rf1140r Multiple Siemens products such as firmware have unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. SIMATIC RF600 Readers are used for contactless identification of various objects, such as transport containers, pallets, production goods or generally for recording bulk goods. SIMATIC RF1100 is an RFID-based solution for simple and universal electronic authorization management. The SIMATIC RF360R reader expands the SIMATIC RFID300 RFID system with a compact reader with an integrated Industrial Ethernet interface. \n\nSiemens SIMATIC RFID Readers have a mishandling vulnerability that can be exploited by an attacker to cause the application to restart",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-37992"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008454"
},
{
"db": "CNVD",
"id": "CNVD-2024-38009"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-37992",
"trust": 3.2
},
{
"db": "SIEMENS",
"id": "SSA-765405",
"trust": 2.4
},
{
"db": "JVN",
"id": "JVNVU90825867",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-24-256-07",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008454",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-38009",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38009"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008454"
},
{
"db": "NVD",
"id": "CVE-2024-37992"
}
]
},
"id": "VAR-202409-0241",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38009"
}
],
"trust": 1.07222222
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38009"
}
]
},
"last_update_date": "2024-09-19T21:22:20.394000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Siemens SIMATIC RFID Readers Improper Handling Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/590356"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38009"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-703",
"trust": 1.0
},
{
"problemtype": "Improper checks or handling of exceptional circumstances (CWE-703) [ others ]",
"trust": 0.8
},
{
"problemtype": " Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-008454"
},
{
"db": "NVD",
"id": "CVE-2024-37992"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90825867/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-37992"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-07"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38009"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008454"
},
{
"db": "NVD",
"id": "CVE-2024-37992"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-38009"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008454"
},
{
"db": "NVD",
"id": "CVE-2024-37992"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-38009"
},
{
"date": "2024-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-008454"
},
{
"date": "2024-09-10T10:15:10.837000",
"db": "NVD",
"id": "CVE-2024-37992"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-38009"
},
{
"date": "2024-09-19T07:54:00",
"db": "JVNDB",
"id": "JVNDB-2024-008454"
},
{
"date": "2024-09-18T15:31:27.597000",
"db": "NVD",
"id": "CVE-2024-37992"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerabilities in multiple Siemens products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-008454"
}
],
"trust": 0.8
}
}
var-202409-0245
Vulnerability from variot
A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected applications do not authenticated the creation of Ajax2App instances. This could allow an unauthenticated attacker to cause a denial of service condition. SIMATIC RF360R firmware, simatic rf1170r firmware, simatic rf1140r Multiple Siemens products such as firmware have unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. SIMATIC RF600 Readers are used for contactless identification of various objects, such as transport containers, pallets, production goods, or generally for recording bulk goods. SIMATIC RF1100 is an RFID-based solution for simple and universal electronic authorization management. SIMATIC RF360R reader expands the SIMATIC RFID300 RFID system with a compact reader with an integrated Industrial Ethernet interface.
Siemens SIMATIC RFID Readers have an improper access control vulnerability, which is caused by the fact that the affected application does not authenticate the creation of the Ajax2App instance
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202409-0245",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic rf166c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic reader rf650r fcc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf685r fcc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf685r cmiit",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf680r cmiit",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf650r arib",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic rf1170r",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1"
},
{
"model": "simatic reader rf615r cmiit",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic rf188ci",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic rf1140r",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1"
},
{
"model": "simatic rf188c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic rf186ci",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic rf186c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic rf185c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic reader rf680r arib",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf650r etsi",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf610r etsi",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf650r cmiit",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic rf360r",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic reader rf615r etsi",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf610r cmiit",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf680r fcc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf685r etsi",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf615r fcc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf680r etsi",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf610r fcc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf685r arib",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf650r arib",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf650r etsi",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf685r etsi",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf615r fcc",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf610r etsi",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf610r fcc",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf650r fcc",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic rf1140r",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic rf1170r",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic rf360r",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf615r etsi",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf680r arib",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf685r arib",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf615r cmiit",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf680r cmiit",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf680r etsi",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf685r fcc",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf650r cmiit",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf680r fcc",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf685r cmiit",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic rf166c",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
},
{
"model": "simatic rf185c",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
},
{
"model": "simatic rf186c",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
},
{
"model": "simatic rf186ci",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
},
{
"model": "simatic rf188c",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
},
{
"model": "simatic rf188ci",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
},
{
"model": "simatic reader rf610r cmiit",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf610r etsi",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf610r fcc",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf615r cmiit",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf615r etsi",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf615r fcc",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf650r arib",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf650r cmiit",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf650r etsi",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf650r fcc",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf680r arib",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf680r cmiit",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf680r etsi",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf680r fcc",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf685r arib",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf685r cmiit",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf685r etsi",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf685r fcc",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic rf1140r",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v1.1"
},
{
"model": "simatic rf1170r",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v1.1"
},
{
"model": "simatic rf360r",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38008"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008396"
},
{
"db": "NVD",
"id": "CVE-2024-37993"
}
]
},
"cve": "CVE-2024-37993",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2024-38008",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2024-37993",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "productcert@siemens.com",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2024-37993",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2024-37993",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-37993",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "productcert@siemens.com",
"id": "CVE-2024-37993",
"trust": 1.0,
"value": "Medium"
},
{
"author": "NVD",
"id": "CVE-2024-37993",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2024-38008",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38008"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008396"
},
{
"db": "NVD",
"id": "CVE-2024-37993"
},
{
"db": "NVD",
"id": "CVE-2024-37993"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions \u003c V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions \u003c V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions \u003c V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions \u003c V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions \u003c V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions \u003c V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions \u003c V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions \u003c V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions \u003c V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions \u003c V2.2). The affected applications do not authenticated the creation of Ajax2App instances. This could allow an unauthenticated attacker to cause a denial of service condition. SIMATIC RF360R firmware, simatic rf1170r firmware, simatic rf1140r Multiple Siemens products such as firmware have unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. SIMATIC RF600 Readers are used for contactless identification of various objects, such as transport containers, pallets, production goods, or generally for recording bulk goods. SIMATIC RF1100 is an RFID-based solution for simple and universal electronic authorization management. SIMATIC RF360R reader expands the SIMATIC RFID300 RFID system with a compact reader with an integrated Industrial Ethernet interface. \n\nSiemens SIMATIC RFID Readers have an improper access control vulnerability, which is caused by the fact that the affected application does not authenticate the creation of the Ajax2App instance",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-37993"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008396"
},
{
"db": "CNVD",
"id": "CNVD-2024-38008"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-37993",
"trust": 3.2
},
{
"db": "SIEMENS",
"id": "SSA-765405",
"trust": 2.4
},
{
"db": "JVN",
"id": "JVNVU90825867",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-24-256-07",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008396",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-38008",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38008"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008396"
},
{
"db": "NVD",
"id": "CVE-2024-37993"
}
]
},
"id": "VAR-202409-0245",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38008"
}
],
"trust": 1.07222222
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38008"
}
]
},
"last_update_date": "2024-09-19T20:20:56.935000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Siemens SIMATIC RFID Readers Improper Access Control Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/590361"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38008"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Inappropriate access control (CWE-284) [ others ]",
"trust": 0.8
},
{
"problemtype": " Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-008396"
},
{
"db": "NVD",
"id": "CVE-2024-37993"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90825867/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-37993"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-07"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38008"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008396"
},
{
"db": "NVD",
"id": "CVE-2024-37993"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-38008"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008396"
},
{
"db": "NVD",
"id": "CVE-2024-37993"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-38008"
},
{
"date": "2024-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-008396"
},
{
"date": "2024-09-10T10:15:11.090000",
"db": "NVD",
"id": "CVE-2024-37993"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-38008"
},
{
"date": "2024-09-19T06:46:00",
"db": "JVNDB",
"id": "JVNDB-2024-008396"
},
{
"date": "2024-09-18T15:32:26.037000",
"db": "NVD",
"id": "CVE-2024-37993"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerabilities in multiple Siemens products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-008396"
}
],
"trust": 0.8
}
}
var-201904-0174
Vulnerability from variot
The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected device.
The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. Multiple Siemens products contain input validation vulnerabilities.Service operation interruption (DoS) There is a possibility of being put into a state. SiemensCP, SIAMTIC, SIMOCODE, SINAMICS, SITOP and TIM are all devices manufactured by Siemens. Multiple Siemens products are prone to an unspecified denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. A vulnerability has been identified in CP1604, CP1616, SIMATIC CP343-1 Advanced, SIMATIC CP443-1, SIMATIC CP443-1 Advanced, SIMATIC CP443-1 OPC UA, SIMATIC ET 200 SP Open Controller CPU 1515SP PC, SIMATIC ET 200 SP Open Controller CPU 1515SP PC2, SIMATIC HMI Comfort Outdoor Panels 7" & 15", SIMATIC HMI Comfort Panels 4" - 22", SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F, SIMATIC IPC DiagMonitor, SIMATIC RF181-EIP, SIMATIC RF182C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF188C, SIMATIC RF600R, SIMATIC S7-1500 CPU family, SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family, SIMATIC S7-400 PN (incl. F) V6 and below, SIMATIC S7-400 PN/DP V7 (incl. F), SIMATIC S7-PLCSIM Advanced, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, SIMATIC Teleservice Adapter IE Standard, SIMATIC WinAC RTX (F) 2010, SIMATIC WinCC Runtime Advanced, SIMOCODE pro V EIP, SIMOCODE pro V PN, SINAMICS G130 V4.6 (Control Unit), SINAMICS G130 V4.7 (Control Unit), SINAMICS G130 V4.7 SP1 (Control Unit), SINAMICS G130 V4.8 (Control Unit), SINAMICS G130 V5.1 (Control Unit), SINAMICS G130 V5.1 SP1 (Control Unit), SINAMICS G150 V4.6 (Control Unit), SINAMICS G150 V4.7 (Control Unit), SINAMICS G150 V4.7 SP1 (Control Unit), SINAMICS G150 V4.8 (Control Unit), SINAMICS G150 V5.1 (Control Unit), SINAMICS G150 V5.1 SP1 (Control Unit), SINAMICS GH150 V4.7 (Control Unit), SINAMICS GH150 V4.8 (Control Unit), SINAMICS GL150 V4.7 (Control Unit), SINAMICS GL150 V4.8 (Control Unit), SINAMICS GM150 V4.7 (Control Unit), SINAMICS GM150 V4.8 (Control Unit), SINAMICS S120 V4.6 (Control Unit), SINAMICS S120 V4.7 (Control Unit), SINAMICS S120 V4.7 SP1 (Control Unit), SINAMICS S120 V4.8 (Control Unit), SINAMICS S120 V5.1 (Control Unit), SINAMICS S120 V5.1 SP1 (Control Unit), SINAMICS S150 V4.6 (Control Unit), SINAMICS S150 V4.7 (Control Unit), SINAMICS S150 V4.7 SP1 (Control Unit), SINAMICS S150 V4.8 (Control Unit), SINAMICS S150 V5.1 (Control Unit), SINAMICS S150 V5.1 SP1 (Control Unit), SINAMICS S210 V5.1 (Control Unit), SINAMICS S210 V5.1 SP1 (Control Unit), SINAMICS SL150 V4.7 (Control Unit), SINAMICS SL150 V4.8 (Control Unit), SINAMICS SM120 V4.7 (Control Unit), SINAMICS SM120 V4.8 (Control Unit), SINAMICS SM150 V4.8 (Control Unit), SITOP Manager, SITOP PSU8600, SITOP UPS1600, TIM 1531 IRC. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens SIMATIC S7-1500 CPU, etc. are all products of German Siemens (Siemens). SIMATIC S7-1500 CPU is a CPU (central processing unit) module. CP1616 is a communications processor. SIMATIC S7-1500 is a programmable logic controller. The vulnerability stems from the failure of the network system or product to properly validate the input data
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-0174",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sinamics s210",
"scope": "eq",
"trust": 1.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics s150",
"scope": "eq",
"trust": 1.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "simatic rf186c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1.0"
},
{
"model": "sinamics sm120",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics s150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "simatic hmi ktp mobile panels ktp400f",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic s7-400 pn",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic s7-1500",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.6.1"
},
{
"model": "sinamics sl150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic winac rtx",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2010"
},
{
"model": "simatic hmi ktp mobile panels ktp700f",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "sitop manager",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1"
},
{
"model": "simatic hmi comfort outdoor panels",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic ipc diagmonitor",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.1.3"
},
{
"model": "simatic s7-plcsim advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "sinamics gm150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics s120",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2"
},
{
"model": "cp1616",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic hmi ktp mobile panels ktp900f",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic s7-1500t",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.6.1"
},
{
"model": "sinamics sm150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "simatic cp443-1 advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic hmi ktp mobile panels ktp900",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic s7-1500s",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.6.1"
},
{
"model": "tim 1531 irc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1"
},
{
"model": "sitop ups1600",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3"
},
{
"model": "simatic hmi ktp mobile panels ktp700f",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi ktp mobile panels ktp700",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simocode pro v pn",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1.3"
},
{
"model": "simatic s7-400 pn\\/dp",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic cp343-1 advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simocode pro v eip",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1.3"
},
{
"model": "sinamics g150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2"
},
{
"model": "sinamics s210",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics sl150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic s7-1500f",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.6.1"
},
{
"model": "simatic teleservice adapter ie basic",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "cp1604",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic wincc runtime advanced",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic winac rtx",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2010"
},
{
"model": "sinamics g130",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2"
},
{
"model": "sinamics gh150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic rf181-eip",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic rf185c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1.0"
},
{
"model": "simatic hmi comfort outdoor panels",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi ktp mobile panels ktp400f",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi ktp mobile panels ktp900",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic s7-plcsim advanced",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "simatic rf188c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1.0"
},
{
"model": "simatic s7-1500 software controller",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.7"
},
{
"model": "simatic teleservice adapter ie advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinamics gl150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics gm150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic cp443-1 opc ua",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic et 200 sp open controller cpu 1515sp pc2",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.7"
},
{
"model": "sinamics sm120",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic et 200 sp open controller cpu 1515sp pc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1.6"
},
{
"model": "simatic hmi comfort panels",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic cp443-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic hmi ktp mobile panels ktp700",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic s7-300",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.3.17"
},
{
"model": "sitop psu8600",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.5"
},
{
"model": "simatic hmi ktp mobile panels ktp900f",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "sinamics gh150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics sm150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics gl150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic rf182c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic teleservice adapter ie standard",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic rf600r",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.2.1"
},
{
"model": "simatic cp 1543sp-1",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 1604",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 1616",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 343-1 advanced",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 443-1 adv",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 443-1",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et 200 sp open controller cpu 1515sp pc",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et 200 sp open controller cpu 1515sp pc2",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi comfort outdoor panels",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi comfort panels",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic rf185c",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "sinamics s150",
"version": "5.1"
},
{
"model": "simatic winac rtx sp2 all",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "2010"
},
{
"model": "simatic s7-300 cpu family all",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-400 pn/dp",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v7"
},
{
"model": "simatic s7-1500 software controller",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics s120",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics g130 and g150",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic rf182c",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime advanced",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp443-1 opc ua",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic ipc diagmonitor",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic rf188c",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic rf600r",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "cp1604",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "cp1616",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et sp open controller cpu 1515sp pc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "200\u003cv2.1.6"
},
{
"model": "simatic hmi comfort panels 4\" 22\"",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi ktp mobile panels",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-1500 cpu family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-400 pn",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v6"
},
{
"model": "sinamics s150",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics s210",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v5.1"
},
{
"model": "sinamics s210 sp1",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v5.1"
},
{
"model": "tim irc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "1531"
},
{
"model": "simatic hmi comfort outdoor panels 7\" \u0026 15\"",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic rf181-eip",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic rf186c",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-plcsim advanced",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic teleservice adapter ie advanced",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic teleservice adapter ie basic",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic teleservice adapter ie standard",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simocode pro eip",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v"
},
{
"model": "simocode pro pn",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v"
},
{
"model": "sitop manager",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sitop psu8600",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sitop ups1600",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "siamtic rf185c",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp343-1 advanced",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp443-1",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp443-1 advanced",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et sp open controller cpu 1515sp pc2",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "200"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "sinamics s210",
"version": "5.1"
},
{
"model": "tim irc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "15310"
},
{
"model": "sitop ups1600",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "sitop psu8600",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "sitop manager",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "sinamics s210 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics s150 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics s150",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics s150 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics s150",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics s150",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.6"
},
{
"model": "sinamics s120 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics s120",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics s120",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics s120 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics s120",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics s120",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.6"
},
{
"model": "sinamics g150 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics g150",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics g150",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics g150 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics g150",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics g150",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.6"
},
{
"model": "sinamics g130 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics g130",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics g130",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics g130 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics g130",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics g130",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.6"
},
{
"model": "simocode pro pn",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v0"
},
{
"model": "simocode pro eip",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v0"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic winac rtx",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "20100"
},
{
"model": "simatic teleservice adapter ie standard",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic teleservice adapter ie basic",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic teleservice adapter ie advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic s7-plcsim advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic s7-400 pn/dp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7"
},
{
"model": "simatic s7-400 pn",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v60"
},
{
"model": "simatic s7-300 cpu",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic s7-1500 software controller",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic s7-1500 cpu",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic rf600r",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic rf188c",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic rf186c",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic rf185c",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic rf182c",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic ipc diagmonitor",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi ktp900f mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi ktp900 mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi ktp700f mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi ktp700 mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi ktp400f mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi ktp mobile panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi comfort outdoor panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic et200 open controller cpu 1515sp pc2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic et200 open controller cpu 1515sp pc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic cp opc ua",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "443-10"
},
{
"model": "simatic cp advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "443-10"
},
{
"model": "simatic cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "443-10"
},
{
"model": "simatic cp advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "343-10"
},
{
"model": "rfid 181-eip",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "16160"
},
{
"model": "cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "16040"
},
{
"model": "sinamics s150 sp1 hf4",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics s150 hf6",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics s120 sp1 hf4",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics s120 hf6",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics g150 sp1 hf4",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics g150 hf6",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics g130 sp1 hf4",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics g130 hf6",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic s7-300 cpu",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "v3.x.16"
},
{
"model": "simatic et200 open controller cpu 1515sp pc",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "2.1.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp1604",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi comfort panels",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi ktp mobile panels ktp400f",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi ktp mobile panels ktp700",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi ktp mobile panels ktp700f",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi ktp mobile panels ktp900",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi ktp mobile panels ktp900f",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp443 1 opc ua",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic ipc diagmonitor",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1500 controller",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 plcsim advanced",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc runtime advanced",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sitop manager",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic rf600r",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic rf188c",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic rf186c",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp1616",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic rf182c",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic rf181 eip",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1500",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 300",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 400 pn",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 400 pn dp",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic teleservice adapter ie advanced",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic teleservice adapter ie basic",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic teleservice adapter ie standard",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic winac rtx 2010",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic rf185c",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simocode pro v eip",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simocode pro v pn",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics g130",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics g150",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics s120",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics s150",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics s210",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sitop psu8600",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sitop ups1600",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tim 1531 irc",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp343 1 advanced",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1500f",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1500s",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1500t",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp443 1",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp443 1 advanced",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200 sp open controller cpu 1515sp pc",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200 sp open controller cpu 1515sp pc2",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi comfort outdoor panels",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12"
},
{
"db": "CNVD",
"id": "CNVD-2019-12904"
},
{
"db": "BID",
"id": "107842"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003541"
},
{
"db": "NVD",
"id": "CVE-2019-6568"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:siemens:simatic_cp_1604_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_cp_1616_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_cp343-1_advanced_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_cp_443-1_adv_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_cp_443-1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_et_200_sp_open_controller_cpu_1515sp_pc_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_et_200_sp_open_controller_cpu_1515sp_pc2_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_comfort_outdoor_panels_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_comfort_panels",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_rf185c_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003541"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported this vulnerability to NCCIC.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-458"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6568",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-6568",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-12904",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-158003",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-6568",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-6568",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6568",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "productcert@siemens.com",
"id": "CVE-2019-6568",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-6568",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-12904",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-458",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-158003",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12"
},
{
"db": "CNVD",
"id": "CNVD-2019-12904"
},
{
"db": "VULHUB",
"id": "VHN-158003"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003541"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-458"
},
{
"db": "NVD",
"id": "CVE-2019-6568"
},
{
"db": "NVD",
"id": "CVE-2019-6568"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The webserver of the affected devices contains a vulnerability that may lead to\r\na denial of service condition. An attacker may cause a denial of service\r\nsituation which leads to a restart of the webserver of the affected device. \r\n\r\nThe security vulnerability could be exploited by an attacker with network\r\naccess to the affected systems. Successful exploitation requires no system\r\nprivileges and no user interaction. An attacker could use the vulnerability\r\nto compromise availability of the device. Multiple Siemens products contain input validation vulnerabilities.Service operation interruption (DoS) There is a possibility of being put into a state. SiemensCP, SIAMTIC, SIMOCODE, SINAMICS, SITOP and TIM are all devices manufactured by Siemens. Multiple Siemens products are prone to an unspecified denial-of-service vulnerability. \nAttackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. A vulnerability has been identified in CP1604, CP1616, SIMATIC CP343-1 Advanced, SIMATIC CP443-1, SIMATIC CP443-1 Advanced, SIMATIC CP443-1 OPC UA, SIMATIC ET 200 SP Open Controller CPU 1515SP PC, SIMATIC ET 200 SP Open Controller CPU 1515SP PC2, SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\", SIMATIC HMI Comfort Panels 4\" - 22\", SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F, SIMATIC IPC DiagMonitor, SIMATIC RF181-EIP, SIMATIC RF182C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF188C, SIMATIC RF600R, SIMATIC S7-1500 CPU family, SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family, SIMATIC S7-400 PN (incl. F) V6 and below, SIMATIC S7-400 PN/DP V7 (incl. F), SIMATIC S7-PLCSIM Advanced, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, SIMATIC Teleservice Adapter IE Standard, SIMATIC WinAC RTX (F) 2010, SIMATIC WinCC Runtime Advanced, SIMOCODE pro V EIP, SIMOCODE pro V PN, SINAMICS G130 V4.6 (Control Unit), SINAMICS G130 V4.7 (Control Unit), SINAMICS G130 V4.7 SP1 (Control Unit), SINAMICS G130 V4.8 (Control Unit), SINAMICS G130 V5.1 (Control Unit), SINAMICS G130 V5.1 SP1 (Control Unit), SINAMICS G150 V4.6 (Control Unit), SINAMICS G150 V4.7 (Control Unit), SINAMICS G150 V4.7 SP1 (Control Unit), SINAMICS G150 V4.8 (Control Unit), SINAMICS G150 V5.1 (Control Unit), SINAMICS G150 V5.1 SP1 (Control Unit), SINAMICS GH150 V4.7 (Control Unit), SINAMICS GH150 V4.8 (Control Unit), SINAMICS GL150 V4.7 (Control Unit), SINAMICS GL150 V4.8 (Control Unit), SINAMICS GM150 V4.7 (Control Unit), SINAMICS GM150 V4.8 (Control Unit), SINAMICS S120 V4.6 (Control Unit), SINAMICS S120 V4.7 (Control Unit), SINAMICS S120 V4.7 SP1 (Control Unit), SINAMICS S120 V4.8 (Control Unit), SINAMICS S120 V5.1 (Control Unit), SINAMICS S120 V5.1 SP1 (Control Unit), SINAMICS S150 V4.6 (Control Unit), SINAMICS S150 V4.7 (Control Unit), SINAMICS S150 V4.7 SP1 (Control Unit), SINAMICS S150 V4.8 (Control Unit), SINAMICS S150 V5.1 (Control Unit), SINAMICS S150 V5.1 SP1 (Control Unit), SINAMICS S210 V5.1 (Control Unit), SINAMICS S210 V5.1 SP1 (Control Unit), SINAMICS SL150 V4.7 (Control Unit), SINAMICS SL150 V4.8 (Control Unit), SINAMICS SM120 V4.7 (Control Unit), SINAMICS SM120 V4.8 (Control Unit), SINAMICS SM150 V4.8 (Control Unit), SITOP Manager, SITOP PSU8600, SITOP UPS1600, TIM 1531 IRC. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens SIMATIC S7-1500 CPU, etc. are all products of German Siemens (Siemens). SIMATIC S7-1500 CPU is a CPU (central processing unit) module. CP1616 is a communications processor. SIMATIC S7-1500 is a programmable logic controller. The vulnerability stems from the failure of the network system or product to properly validate the input data",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6568"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003541"
},
{
"db": "CNVD",
"id": "CNVD-2019-12904"
},
{
"db": "BID",
"id": "107842"
},
{
"db": "IVD",
"id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12"
},
{
"db": "VULHUB",
"id": "VHN-158003"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6568",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-19-099-06",
"trust": 2.3
},
{
"db": "SIEMENS",
"id": "SSA-480230",
"trust": 2.0
},
{
"db": "SIEMENS",
"id": "SSA-530931",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-19-227-04",
"trust": 1.4
},
{
"db": "BID",
"id": "107842",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201904-458",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-12904",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003541",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.3150",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1204.2",
"trust": 0.6
},
{
"db": "IVD",
"id": "A397CC8B-EE17-4FAF-8447-E9EE5F57DD12",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-158003",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12"
},
{
"db": "CNVD",
"id": "CNVD-2019-12904"
},
{
"db": "VULHUB",
"id": "VHN-158003"
},
{
"db": "BID",
"id": "107842"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003541"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-458"
},
{
"db": "NVD",
"id": "CVE-2019-6568"
}
]
},
"id": "VAR-201904-0174",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12"
},
{
"db": "CNVD",
"id": "CNVD-2019-12904"
},
{
"db": "VULHUB",
"id": "VHN-158003"
}
],
"trust": 1.594357721153846
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12"
},
{
"db": "CNVD",
"id": "CNVD-2019-12904"
}
]
},
"last_update_date": "2024-08-14T15:43:49.516000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-480230",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf"
},
{
"title": "SSA-530931",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf"
},
{
"title": "Patches for multiple Siemens product denial of service vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/160237"
},
{
"title": "Multiple Siemens Product security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=91286"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-12904"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003541"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-458"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.1
},
{
"problemtype": "CWE-20",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158003"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003541"
},
{
"db": "NVD",
"id": "CVE-2019-6568"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-099-06"
},
{
"trust": 2.0,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-227-04"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6568"
},
{
"trust": 0.9,
"url": "http://subscriber.communications.siemens.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6568"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3150/"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-099-06"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-19-099-06"
},
{
"trust": 0.6,
"url": "https://www.securityfocus.com/bid/107842"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/siemens-simatic-denial-of-service-via-webserver-28976"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/78710"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-12904"
},
{
"db": "VULHUB",
"id": "VHN-158003"
},
{
"db": "BID",
"id": "107842"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003541"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-458"
},
{
"db": "NVD",
"id": "CVE-2019-6568"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12"
},
{
"db": "CNVD",
"id": "CNVD-2019-12904"
},
{
"db": "VULHUB",
"id": "VHN-158003"
},
{
"db": "BID",
"id": "107842"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003541"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-458"
},
{
"db": "NVD",
"id": "CVE-2019-6568"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-05T00:00:00",
"db": "IVD",
"id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12"
},
{
"date": "2019-05-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-12904"
},
{
"date": "2019-04-17T00:00:00",
"db": "VULHUB",
"id": "VHN-158003"
},
{
"date": "2019-04-09T00:00:00",
"db": "BID",
"id": "107842"
},
{
"date": "2019-05-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003541"
},
{
"date": "2019-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-458"
},
{
"date": "2019-04-17T14:29:03.683000",
"db": "NVD",
"id": "CVE-2019-6568"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-12904"
},
{
"date": "2023-01-10T00:00:00",
"db": "VULHUB",
"id": "VHN-158003"
},
{
"date": "2019-04-09T00:00:00",
"db": "BID",
"id": "107842"
},
{
"date": "2019-08-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003541"
},
{
"date": "2023-04-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-458"
},
{
"date": "2023-04-11T10:15:09.153000",
"db": "NVD",
"id": "CVE-2019-6568"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-458"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability related to input validation in multiple Siemens products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003541"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-458"
}
],
"trust": 0.6
}
}
var-202409-0240
Vulnerability from variot
A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected application contains a hidden configuration item to enable debug functionality. This could allow an attacker to gain insight into the internal configuration of the deployment. SIMATIC RF360R firmware, simatic rf1170r firmware, simatic rf1140r Multiple Siemens products such as firmware have unspecified vulnerabilities.Information may be obtained and information may be tampered with. SIMATIC RF600 Readers are used for contactless identification of various objects, such as transport containers, pallets, production goods, or generally for recording bulk goods. SIMATIC RF1100 is an RFID-based solution for simple and universal electronic authorization management. The SIMATIC RF360R reader expands the SIMATIC RFID300 RFID system with a compact reader with an integrated Industrial Ethernet interface
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202409-0240",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic rf166c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic reader rf650r fcc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf685r fcc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf685r cmiit",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf680r cmiit",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf650r arib",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic rf1170r",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1"
},
{
"model": "simatic reader rf615r cmiit",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic rf188ci",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic rf1140r",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1"
},
{
"model": "simatic rf188c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic rf186ci",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic rf186c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic rf185c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic reader rf680r arib",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf650r etsi",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf610r etsi",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf650r cmiit",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic rf360r",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic reader rf615r etsi",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf610r cmiit",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf680r fcc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf685r etsi",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf615r fcc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf680r etsi",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf610r fcc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf685r arib",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf650r arib",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf650r etsi",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf685r etsi",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf615r fcc",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf610r etsi",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf610r fcc",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf650r fcc",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic rf1140r",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic rf1170r",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic rf360r",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf615r etsi",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf680r arib",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf685r arib",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf615r cmiit",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf680r cmiit",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf680r etsi",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf685r fcc",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf650r cmiit",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf680r fcc",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf685r cmiit",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic rf166c",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
},
{
"model": "simatic rf185c",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
},
{
"model": "simatic rf186c",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
},
{
"model": "simatic rf186ci",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
},
{
"model": "simatic rf188c",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
},
{
"model": "simatic rf188ci",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
},
{
"model": "simatic reader rf610r cmiit",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf610r etsi",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf610r fcc",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf615r cmiit",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf615r etsi",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf615r fcc",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf650r arib",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf650r cmiit",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf650r etsi",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf650r fcc",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf680r arib",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf680r cmiit",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf680r etsi",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf680r fcc",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf685r arib",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf685r cmiit",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf685r etsi",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf685r fcc",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic rf1140r",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v1.1"
},
{
"model": "simatic rf1170r",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v1.1"
},
{
"model": "simatic rf360r",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38007"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008453"
},
{
"db": "NVD",
"id": "CVE-2024-37994"
}
]
},
"cve": "CVE-2024-37994",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2024-38007",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2024-37994",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "productcert@siemens.com",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2024-37994",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-37994",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-37994",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "productcert@siemens.com",
"id": "CVE-2024-37994",
"trust": 1.0,
"value": "Medium"
},
{
"author": "NVD",
"id": "CVE-2024-37994",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2024-38007",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38007"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008453"
},
{
"db": "NVD",
"id": "CVE-2024-37994"
},
{
"db": "NVD",
"id": "CVE-2024-37994"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions \u003c V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions \u003c V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions \u003c V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions \u003c V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions \u003c V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions \u003c V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions \u003c V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions \u003c V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions \u003c V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions \u003c V2.2). The affected application contains a hidden configuration item to enable debug functionality. This could allow an attacker to gain insight into the internal configuration of the deployment. SIMATIC RF360R firmware, simatic rf1170r firmware, simatic rf1140r Multiple Siemens products such as firmware have unspecified vulnerabilities.Information may be obtained and information may be tampered with. SIMATIC RF600 Readers are used for contactless identification of various objects, such as transport containers, pallets, production goods, or generally for recording bulk goods. SIMATIC RF1100 is an RFID-based solution for simple and universal electronic authorization management. The SIMATIC RF360R reader expands the SIMATIC RFID300 RFID system with a compact reader with an integrated Industrial Ethernet interface",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-37994"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008453"
},
{
"db": "CNVD",
"id": "CNVD-2024-38007"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-37994",
"trust": 3.2
},
{
"db": "SIEMENS",
"id": "SSA-765405",
"trust": 2.4
},
{
"db": "JVN",
"id": "JVNVU90825867",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-24-256-07",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008453",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-38007",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38007"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008453"
},
{
"db": "NVD",
"id": "CVE-2024-37994"
}
]
},
"id": "VAR-202409-0240",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38007"
}
],
"trust": 1.07222222
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38007"
}
]
},
"last_update_date": "2024-09-19T21:12:28.451000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Siemens SIMATIC RFID Readers Hidden Function Vulnerability (CNVD-2024-38007)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/590366"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38007"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-912",
"trust": 1.0
},
{
"problemtype": "Unpublished features (CWE-912) [ others ]",
"trust": 0.8
},
{
"problemtype": " others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-008453"
},
{
"db": "NVD",
"id": "CVE-2024-37994"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90825867/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-37994"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-07"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38007"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008453"
},
{
"db": "NVD",
"id": "CVE-2024-37994"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-38007"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008453"
},
{
"db": "NVD",
"id": "CVE-2024-37994"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-38007"
},
{
"date": "2024-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-008453"
},
{
"date": "2024-09-10T10:15:11.340000",
"db": "NVD",
"id": "CVE-2024-37994"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-38007"
},
{
"date": "2024-09-19T07:43:00",
"db": "JVNDB",
"id": "JVNDB-2024-008453"
},
{
"date": "2024-09-18T15:35:17.403000",
"db": "NVD",
"id": "CVE-2024-37994"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerabilities in multiple Siemens products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-008453"
}
],
"trust": 0.8
}
}
var-202409-0244
Vulnerability from variot
A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected application improperly handles error while a faulty certificate upload leading to crashing of application. This vulnerability could allow an attacker to disclose sensitive information. SIMATIC RF360R firmware, simatic rf1170r firmware, simatic rf1140r Multiple Siemens products such as firmware have unspecified vulnerabilities.Information is obtained and service operation is interrupted (DoS) It may be in a state. SIMATIC RF600 Readers are used for contactless identification of various objects, such as transport containers, pallets, production goods or generally for recording bulk goods. SIMATIC RF1100 is an RFID-based solution for simple and universal electronic authorization management. The SIMATIC RF360R reader expands the SIMATIC RFID300 RFID system with a compact reader with an integrated Industrial Ethernet interface
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202409-0244",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic rf166c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic reader rf650r fcc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf685r fcc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf685r cmiit",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf680r cmiit",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf650r arib",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic rf1170r",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1"
},
{
"model": "simatic reader rf615r cmiit",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic rf188ci",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic rf1140r",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1"
},
{
"model": "simatic rf188c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic rf186ci",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic rf186c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic rf185c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic reader rf680r arib",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf650r etsi",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf610r etsi",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf650r cmiit",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic rf360r",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic reader rf615r etsi",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf610r cmiit",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf680r fcc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf685r etsi",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf615r fcc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf680r etsi",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf610r fcc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf685r arib",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf650r arib",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf650r etsi",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf685r etsi",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf615r fcc",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf610r etsi",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf610r fcc",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf650r fcc",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic rf1140r",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic rf1170r",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic rf360r",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf615r etsi",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf680r arib",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf685r arib",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf615r cmiit",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf680r cmiit",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf680r etsi",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf685r fcc",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf650r cmiit",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf680r fcc",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf685r cmiit",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic rf166c",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
},
{
"model": "simatic rf185c",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
},
{
"model": "simatic rf186c",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
},
{
"model": "simatic rf186ci",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
},
{
"model": "simatic rf188c",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
},
{
"model": "simatic rf188ci",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
},
{
"model": "simatic reader rf610r cmiit",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf610r etsi",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf610r fcc",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf615r cmiit",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf615r etsi",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf615r fcc",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf650r arib",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf650r cmiit",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf650r etsi",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf650r fcc",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf680r arib",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf680r cmiit",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf680r etsi",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf680r fcc",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf685r arib",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf685r cmiit",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf685r etsi",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf685r fcc",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic rf1140r",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v1.1"
},
{
"model": "simatic rf1170r",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v1.1"
},
{
"model": "simatic rf360r",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38006"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008416"
},
{
"db": "NVD",
"id": "CVE-2024-37995"
}
]
},
"cve": "CVE-2024-37995",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.4,
"id": "CNVD-2024-38006",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2024-37995",
"impactScore": 5.2,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "productcert@siemens.com",
"availabilityImpact": "LOW",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.2,
"id": "CVE-2024-37995",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-37995",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-37995",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "productcert@siemens.com",
"id": "CVE-2024-37995",
"trust": 1.0,
"value": "Low"
},
{
"author": "NVD",
"id": "CVE-2024-37995",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2024-38006",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38006"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008416"
},
{
"db": "NVD",
"id": "CVE-2024-37995"
},
{
"db": "NVD",
"id": "CVE-2024-37995"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions \u003c V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions \u003c V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions \u003c V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions \u003c V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions \u003c V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions \u003c V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions \u003c V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions \u003c V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions \u003c V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions \u003c V2.2). The affected application improperly handles error while a faulty certificate upload leading to crashing of application. This vulnerability could allow an attacker to disclose sensitive information. SIMATIC RF360R firmware, simatic rf1170r firmware, simatic rf1140r Multiple Siemens products such as firmware have unspecified vulnerabilities.Information is obtained and service operation is interrupted (DoS) It may be in a state. SIMATIC RF600 Readers are used for contactless identification of various objects, such as transport containers, pallets, production goods or generally for recording bulk goods. SIMATIC RF1100 is an RFID-based solution for simple and universal electronic authorization management. The SIMATIC RF360R reader expands the SIMATIC RFID300 RFID system with a compact reader with an integrated Industrial Ethernet interface",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-37995"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008416"
},
{
"db": "CNVD",
"id": "CNVD-2024-38006"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-37995",
"trust": 3.2
},
{
"db": "SIEMENS",
"id": "SSA-765405",
"trust": 2.4
},
{
"db": "JVN",
"id": "JVNVU90825867",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-24-256-07",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008416",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-38006",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38006"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008416"
},
{
"db": "NVD",
"id": "CVE-2024-37995"
}
]
},
"id": "VAR-202409-0244",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38006"
}
],
"trust": 1.07222222
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38006"
}
]
},
"last_update_date": "2024-09-19T21:41:10.377000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Siemens SIMATIC RFID Readers Improper Handling Vulnerability (CNVD-2024-38006)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/590371"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38006"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-703",
"trust": 1.0
},
{
"problemtype": "Improper checks or handling of exceptional circumstances (CWE-703) [ others ]",
"trust": 0.8
},
{
"problemtype": " Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-008416"
},
{
"db": "NVD",
"id": "CVE-2024-37995"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90825867/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-37995"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-07"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38006"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008416"
},
{
"db": "NVD",
"id": "CVE-2024-37995"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-38006"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008416"
},
{
"db": "NVD",
"id": "CVE-2024-37995"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-38006"
},
{
"date": "2024-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-008416"
},
{
"date": "2024-09-10T10:15:11.570000",
"db": "NVD",
"id": "CVE-2024-37995"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-38006"
},
{
"date": "2024-09-19T06:58:00",
"db": "JVNDB",
"id": "JVNDB-2024-008416"
},
{
"date": "2024-09-18T15:37:15.130000",
"db": "NVD",
"id": "CVE-2024-37995"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerabilities in multiple Siemens products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-008416"
}
],
"trust": 0.8
}
}
var-201904-0176
Vulnerability from variot
A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions < V5.1.3), SIMATIC NET PC Software V13 (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC RF188C (All versions < V1.1.0), SIMATIC RF600R family (All versions < V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 < V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions < V3.15 P018), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Upd 4), SINEC NMS (All versions < V1.0 SP1), SINEMA Server (All versions < V14 SP2), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions < V3.1.1). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a denial of service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication. plural Siemens The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Siemens is a leading global technology company that provides solutions to customers in the areas of power generation and transmission and distribution, infrastructure, industrial automation, drive and software with innovation in electrification, automation and digital. Siemens has a denial of service vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens SIMATIC S7-1500 CPU, etc. are all products of German Siemens (Siemens). SIMATIC S7-1500 CPU is a CPU (central processing unit) module. SIMATIC S7-1500 is a programmable logic controller. SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system. The vulnerability stems from the failure of the network system or product to properly validate the input data
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-0176",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic wincc runtime advanced",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "simatic net pc software",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "simatic rf188c",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "simatic rf600r",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "simatic ipc diagmonitor",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-1500s",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "simatic hmi ktp mobile panels ktp400f",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic wincc oa",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.15-p018"
},
{
"model": "sinumerik opc ua server",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1"
},
{
"model": "simatic s7-1500t",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "opc unified architecture",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic cp443-1 opc ua",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic hmi comfort outdoor panels",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi ktp mobile panels ktp400f",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi ktp mobile panels ktp900",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi ktp mobile panels ktp700f",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic wincc runtime hsp comfort",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic s7-1500f",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "simatic hmi comfort outdoor panels",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "sinema server",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic s7-1500 software controller",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "simatic rf600r",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic wincc runtime mobile",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic ipc diagmonitor",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "telecontrol server basic",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1.1"
},
{
"model": "simatic hmi ktp mobile panels ktp900f",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic rf188c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic hmi ktp mobile panels ktp900",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic net pc software",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic et 200 open controller cpu 1515sp pc2",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.7"
},
{
"model": "simatic wincc runtime comfort",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic hmi ktp mobile panels ktp700",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi ktp mobile panels ktp900f",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "sinec-nms",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "simatic s7-1500",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "simatic hmi ktp mobile panels ktp700f",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi ktp mobile panels ktp700",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "sinec-nms",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "simatic cp 443-1 opc-ua",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et 200 open controller cpu 1515sp pc2",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-1500 software controller",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-1500",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc oa",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-1500 cpu family",
"scope": "lte",
"trust": 0.6,
"vendor": "siemens",
"version": "\u003c=v2.5"
},
{
"model": "simatic s7-1500 software controller",
"scope": "lte",
"trust": 0.6,
"vendor": "siemens",
"version": "\u003c=v2.5"
},
{
"model": "simatic wincc oa \u003cv3.15-p018",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinema server",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinumerik opc ua server",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.1"
},
{
"model": "telecontrol server basics",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime comfort",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime mobile",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinec-nms",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp443-1 opc ua",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et200 open controller cpu 1515sp pc2",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime hsp comfort",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "telecontrol server basic",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "telecontrol server basic sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "telecontrol server basic",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "sinumerik opc ua server",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "sinema server",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "sinec-nms",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc runtime mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc runtime hsp comfort",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc runtime comfort",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc oa",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "3.15"
},
{
"model": "simatic wincc oa 3.14-p021",
"scope": null,
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc oa",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "3.14"
},
{
"model": "simatic wincc oa p002",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "3.12"
},
{
"model": "simatic wincc oa",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "3.12"
},
{
"model": "simatic s7-1500 software controller",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1.7"
},
{
"model": "simatic s7-1500 software controller",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "simatic s7-1500 software controller",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "simatic s7-1500",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1.8.5"
},
{
"model": "simatic s7-1500",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1.8.3"
},
{
"model": "simatic s7-1500",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1.7"
},
{
"model": "simatic s7-1500",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "simatic s7-1500",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "simatic s7-1500",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1.6"
},
{
"model": "simatic s7-1500",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1.5.0"
},
{
"model": "simatic rf600r",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic rf188c",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic net pc software",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic ipc diagmonitor",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic et200 open controller cpu 1515sp pc2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic cp opc ua",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "443-10"
},
{
"model": "sinumerik opc ua server",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "2.1"
},
{
"model": "simatic wincc oa 3.15-p018",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp443 1 opc ua",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1500s",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1500t",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200 open controller cpu 1515sp pc2",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic ipc diagmonitor",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic net pc",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic rf188c",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic rf600r",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1500",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1500 controller",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc oa",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc runtime advanced",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc runtime comfort",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc runtime hsp comfort",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc runtime mobile",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinec nms",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinema server",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinumerik opc ua server",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "telecontrol server basic",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1500f",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "b72b932a-ffe5-40c4-80a7-5e3f71b449fc"
},
{
"db": "CNVD",
"id": "CNVD-2019-12905"
},
{
"db": "BID",
"id": "107833"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003488"
},
{
"db": "NVD",
"id": "CVE-2019-6575"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:siemens:simatic_cp_443-1_std_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_et_200_open_controller_cpu_1515sp_pc2_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_ipc_diagmonitor_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_net_pc-software",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_rf188c_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_rf600r_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_s7-1500_software_controller_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_s7-1500_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_open_architecture",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:wincc_runtime_advanced",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003488"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens,Siemens ProductCERT reported this vulnerability to NCCIC.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-462"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6575",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-6575",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-12905",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "b72b932a-ffe5-40c4-80a7-5e3f71b449fc",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-158010",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-6575",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-6575",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6575",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-6575",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-12905",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-462",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "b72b932a-ffe5-40c4-80a7-5e3f71b449fc",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-158010",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-6575",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b72b932a-ffe5-40c4-80a7-5e3f71b449fc"
},
{
"db": "CNVD",
"id": "CNVD-2019-12905"
},
{
"db": "VULHUB",
"id": "VHN-158010"
},
{
"db": "VULMON",
"id": "CVE-2019-6575"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003488"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-462"
},
{
"db": "NVD",
"id": "CVE-2019-6575"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003c V2.7), SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\" (incl. SIPLUS variants) (All versions \u003c V15.1 Upd 4), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants) (All versions \u003c V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions \u003c V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions \u003c V5.1.3), SIMATIC NET PC Software V13 (All versions), SIMATIC NET PC Software V14 (All versions \u003c V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC RF188C (All versions \u003c V1.1.0), SIMATIC RF600R family (All versions \u003c V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003e= V2.5 \u003c V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions \u003c V3.15 P018), SIMATIC WinCC Runtime Advanced (All versions \u003c V15.1 Upd 4), SINEC NMS (All versions \u003c V1.0 SP1), SINEMA Server (All versions \u003c V14 SP2), SINUMERIK OPC UA Server (All versions \u003c V2.1), TeleControl Server Basic (All versions \u003c V3.1.1). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a denial of service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication. plural Siemens The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Siemens is a leading global technology company that provides solutions to customers in the areas of power generation and transmission and distribution, infrastructure, industrial automation, drive and software with innovation in electrification, automation and digital. Siemens has a denial of service vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens SIMATIC S7-1500 CPU, etc. are all products of German Siemens (Siemens). SIMATIC S7-1500 CPU is a CPU (central processing unit) module. SIMATIC S7-1500 is a programmable logic controller. SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system. The vulnerability stems from the failure of the network system or product to properly validate the input data",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6575"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003488"
},
{
"db": "CNVD",
"id": "CNVD-2019-12905"
},
{
"db": "BID",
"id": "107833"
},
{
"db": "IVD",
"id": "b72b932a-ffe5-40c4-80a7-5e3f71b449fc"
},
{
"db": "VULHUB",
"id": "VHN-158010"
},
{
"db": "VULMON",
"id": "CVE-2019-6575"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6575",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-19-099-03",
"trust": 2.4
},
{
"db": "SIEMENS",
"id": "SSA-307392",
"trust": 1.8
},
{
"db": "BID",
"id": "107833",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201904-462",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-12905",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003488",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.1205",
"trust": 0.6
},
{
"db": "IVD",
"id": "B72B932A-FFE5-40C4-80A7-5E3F71B449FC",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-158010",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-6575",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "b72b932a-ffe5-40c4-80a7-5e3f71b449fc"
},
{
"db": "CNVD",
"id": "CNVD-2019-12905"
},
{
"db": "VULHUB",
"id": "VHN-158010"
},
{
"db": "VULMON",
"id": "CVE-2019-6575"
},
{
"db": "BID",
"id": "107833"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003488"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-462"
},
{
"db": "NVD",
"id": "CVE-2019-6575"
}
]
},
"id": "VAR-201904-0176",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b72b932a-ffe5-40c4-80a7-5e3f71b449fc"
},
{
"db": "CNVD",
"id": "CNVD-2019-12905"
},
{
"db": "VULHUB",
"id": "VHN-158010"
}
],
"trust": 1.5697735094117649
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "b72b932a-ffe5-40c4-80a7-5e3f71b449fc"
},
{
"db": "CNVD",
"id": "CNVD-2019-12905"
}
]
},
"last_update_date": "2024-08-14T14:51:15.372000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-307392",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf"
},
{
"title": "SiemensIndustrialProductswithOPCUA denial of service vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/160239"
},
{
"title": "Siemens OPC UA Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91290"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=f300e0ed579e6a7eeebba4d6b8703ede"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-12905"
},
{
"db": "VULMON",
"id": "CVE-2019-6575"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003488"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-462"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-755",
"trust": 1.1
},
{
"problemtype": "CWE-248",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158010"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003488"
},
{
"db": "NVD",
"id": "CVE-2019-6575"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-099-03"
},
{
"trust": 1.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6575"
},
{
"trust": 0.9,
"url": "http://www.siemens.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6575"
},
{
"trust": 0.7,
"url": "https://www.securityfocus.com/bid/107833"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/siemens-simatic-denial-of-service-via-opc-ua-4840-tcp-28974"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-099-03"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/78742"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/755.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-19-099-03"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-12905"
},
{
"db": "VULHUB",
"id": "VHN-158010"
},
{
"db": "VULMON",
"id": "CVE-2019-6575"
},
{
"db": "BID",
"id": "107833"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003488"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-462"
},
{
"db": "NVD",
"id": "CVE-2019-6575"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b72b932a-ffe5-40c4-80a7-5e3f71b449fc"
},
{
"db": "CNVD",
"id": "CNVD-2019-12905"
},
{
"db": "VULHUB",
"id": "VHN-158010"
},
{
"db": "VULMON",
"id": "CVE-2019-6575"
},
{
"db": "BID",
"id": "107833"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003488"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-462"
},
{
"db": "NVD",
"id": "CVE-2019-6575"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-05T00:00:00",
"db": "IVD",
"id": "b72b932a-ffe5-40c4-80a7-5e3f71b449fc"
},
{
"date": "2019-05-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-12905"
},
{
"date": "2019-04-17T00:00:00",
"db": "VULHUB",
"id": "VHN-158010"
},
{
"date": "2019-04-17T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6575"
},
{
"date": "2019-04-09T00:00:00",
"db": "BID",
"id": "107833"
},
{
"date": "2019-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003488"
},
{
"date": "2019-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-462"
},
{
"date": "2019-04-17T14:29:03.760000",
"db": "NVD",
"id": "CVE-2019-6575"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-12905"
},
{
"date": "2020-10-16T00:00:00",
"db": "VULHUB",
"id": "VHN-158010"
},
{
"date": "2022-04-12T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6575"
},
{
"date": "2019-04-09T00:00:00",
"db": "BID",
"id": "107833"
},
{
"date": "2019-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003488"
},
{
"date": "2022-08-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-462"
},
{
"date": "2022-10-06T16:40:43.557000",
"db": "NVD",
"id": "CVE-2019-6575"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-462"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens Industrial Products with OPC UA Denial of service vulnerability",
"sources": [
{
"db": "IVD",
"id": "b72b932a-ffe5-40c4-80a7-5e3f71b449fc"
},
{
"db": "CNVD",
"id": "CNVD-2019-12905"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation error",
"sources": [
{
"db": "IVD",
"id": "b72b932a-ffe5-40c4-80a7-5e3f71b449fc"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-462"
}
],
"trust": 0.8
}
}
var-202409-0242
Vulnerability from variot
A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The service log files of the affected application can be accessed without proper authentication. This could allow an unauthenticated attacker to get access to sensitive information. SIMATIC RF360R firmware, simatic rf1170r firmware, simatic rf1140r Multiple Siemens products, such as firmware, are vulnerable to lack of authentication for critical functions.Information may be obtained. SIMATIC RF600 Readers are used for contactless identification of various objects, such as transport containers, pallets, production goods, or generally for recording bulk goods. SIMATIC RF1100 is an RFID-based solution for simple and universal electronic authorization management. The SIMATIC RF360R reader expands the SIMATIC RFID300 RFID system with a compact reader with an integrated Industrial Ethernet interface
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202409-0242",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic rf166c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic reader rf650r fcc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf685r fcc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf685r cmiit",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf680r cmiit",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf650r arib",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic rf1170r",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1"
},
{
"model": "simatic reader rf615r cmiit",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic rf188ci",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic rf1140r",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1"
},
{
"model": "simatic rf188c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic rf186ci",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic rf186c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic rf185c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic reader rf680r arib",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf650r etsi",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf610r etsi",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf650r cmiit",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic rf360r",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic reader rf615r etsi",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf610r cmiit",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf680r fcc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf685r etsi",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf615r fcc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf680r etsi",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf610r fcc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf685r arib",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf650r arib",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf650r etsi",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf685r etsi",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf615r fcc",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf610r etsi",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf610r fcc",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf650r fcc",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic rf1140r",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic rf1170r",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic rf360r",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf615r etsi",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf680r arib",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf685r arib",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf615r cmiit",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf680r cmiit",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf680r etsi",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf685r fcc",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf650r cmiit",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf680r fcc",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic reader rf685r cmiit",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic rf166c",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
},
{
"model": "simatic rf185c",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
},
{
"model": "simatic rf186c",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
},
{
"model": "simatic rf186ci",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
},
{
"model": "simatic rf188c",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
},
{
"model": "simatic rf188ci",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
},
{
"model": "simatic reader rf610r cmiit",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf610r etsi",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf610r fcc",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf615r cmiit",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf615r etsi",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf615r fcc",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf650r arib",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf650r cmiit",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf650r etsi",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf650r fcc",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf680r arib",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf680r cmiit",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf680r etsi",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf680r fcc",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf685r arib",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf685r cmiit",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf685r etsi",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf685r fcc",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic rf1140r",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v1.1"
},
{
"model": "simatic rf1170r",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v1.1"
},
{
"model": "simatic rf360r",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38010"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008405"
},
{
"db": "NVD",
"id": "CVE-2024-37991"
}
]
},
"cve": "CVE-2024-37991",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2024-38010",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2024-37991",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "productcert@siemens.com",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2024-37991",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-37991",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-37991",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "productcert@siemens.com",
"id": "CVE-2024-37991",
"trust": 1.0,
"value": "Medium"
},
{
"author": "NVD",
"id": "CVE-2024-37991",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2024-38010",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38010"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008405"
},
{
"db": "NVD",
"id": "CVE-2024-37991"
},
{
"db": "NVD",
"id": "CVE-2024-37991"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions \u003c V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions \u003c V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions \u003c V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions \u003c V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions \u003c V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions \u003c V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions \u003c V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions \u003c V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions \u003c V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions \u003c V2.2). The service log files of the affected application can be accessed without proper authentication. This could allow an unauthenticated attacker to get access to sensitive information. SIMATIC RF360R firmware, simatic rf1170r firmware, simatic rf1140r Multiple Siemens products, such as firmware, are vulnerable to lack of authentication for critical functions.Information may be obtained. SIMATIC RF600 Readers are used for contactless identification of various objects, such as transport containers, pallets, production goods, or generally for recording bulk goods. SIMATIC RF1100 is an RFID-based solution for simple and universal electronic authorization management. The SIMATIC RF360R reader expands the SIMATIC RFID300 RFID system with a compact reader with an integrated Industrial Ethernet interface",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-37991"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008405"
},
{
"db": "CNVD",
"id": "CNVD-2024-38010"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-37991",
"trust": 3.2
},
{
"db": "SIEMENS",
"id": "SSA-765405",
"trust": 2.4
},
{
"db": "JVN",
"id": "JVNVU90825867",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-24-256-07",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008405",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-38010",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38010"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008405"
},
{
"db": "NVD",
"id": "CVE-2024-37991"
}
]
},
"id": "VAR-202409-0242",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38010"
}
],
"trust": 1.07222222
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38010"
}
]
},
"last_update_date": "2024-09-19T22:04:08.992000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Siemens SIMATIC RFID Readers Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/590351"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38010"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.0
},
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "information leak (CWE-200) [ others ]",
"trust": 0.8
},
{
"problemtype": " Lack of authentication for critical features (CWE-306) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-008405"
},
{
"db": "NVD",
"id": "CVE-2024-37991"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90825867/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-37991"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-07"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38010"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008405"
},
{
"db": "NVD",
"id": "CVE-2024-37991"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-38010"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008405"
},
{
"db": "NVD",
"id": "CVE-2024-37991"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-38010"
},
{
"date": "2024-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-008405"
},
{
"date": "2024-09-10T10:15:10.600000",
"db": "NVD",
"id": "CVE-2024-37991"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-38010"
},
{
"date": "2024-09-19T06:57:00",
"db": "JVNDB",
"id": "JVNDB-2024-008405"
},
{
"date": "2024-09-18T15:29:44.390000",
"db": "NVD",
"id": "CVE-2024-37991"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lack of authentication for critical functions in multiple Siemens products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-008405"
}
],
"trust": 0.8
}
}
var-202409-0243
Vulnerability from variot
A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected applications contain configuration files which can be modified. An attacker with privilege access can modify these files and enable features that are not released for this device. SIMATIC RF600 Readers are used for contactless identification of various objects, such as transport containers, pallets, production goods or generally for recording bulk goods. SIMATIC RF1100 is an RFID-based solution for simple and universal electronic authorization management. The SIMATIC RF360R reader expands the SIMATIC RFID300 RFID system with a compact reader with an integrated Industrial Ethernet interface
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202409-0243",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic rf166c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic reader rf650r fcc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf685r fcc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf685r cmiit",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf680r cmiit",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf650r arib",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic rf1170r",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1"
},
{
"model": "simatic reader rf615r cmiit",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic rf188ci",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic rf1140r",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1"
},
{
"model": "simatic rf188c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic rf186ci",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic rf186c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic rf185c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic reader rf680r arib",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf650r etsi",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf610r etsi",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf650r cmiit",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic rf360r",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "simatic reader rf615r etsi",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf610r cmiit",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf680r fcc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf685r etsi",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf615r fcc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf680r etsi",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf610r fcc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic reader rf685r arib",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "simatic rf166c",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
},
{
"model": "simatic rf185c",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
},
{
"model": "simatic rf186c",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
},
{
"model": "simatic rf186ci",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
},
{
"model": "simatic rf188c",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
},
{
"model": "simatic rf188ci",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
},
{
"model": "simatic reader rf610r cmiit",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf610r etsi",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf610r fcc",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf615r cmiit",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf615r etsi",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf615r fcc",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf650r arib",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf650r cmiit",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf650r etsi",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf650r fcc",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf680r arib",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf680r cmiit",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf680r etsi",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf680r fcc",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf685r arib",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf685r cmiit",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf685r etsi",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic reader rf685r fcc",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.2"
},
{
"model": "simatic rf1140r",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v1.1"
},
{
"model": "simatic rf1170r",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v1.1"
},
{
"model": "simatic rf360r",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38011"
},
{
"db": "NVD",
"id": "CVE-2024-37990"
}
]
},
"cve": "CVE-2024-37990",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.4,
"id": "CNVD-2024-38011",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.2,
"id": "CVE-2024-37990",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-37990",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "productcert@siemens.com",
"id": "CVE-2024-37990",
"trust": 1.0,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2024-38011",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38011"
},
{
"db": "NVD",
"id": "CVE-2024-37990"
},
{
"db": "NVD",
"id": "CVE-2024-37990"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions \u003c V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions \u003c V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions \u003c V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions \u003c V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions \u003c V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions \u003c V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions \u003c V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions \u003c V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions \u003c V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions \u003c V2.2). The affected applications contain configuration files which can be modified. An attacker with privilege access can modify these files and enable features that are not released for this device. SIMATIC RF600 Readers are used for contactless identification of various objects, such as transport containers, pallets, production goods or generally for recording bulk goods. SIMATIC RF1100 is an RFID-based solution for simple and universal electronic authorization management. The SIMATIC RF360R reader expands the SIMATIC RFID300 RFID system with a compact reader with an integrated Industrial Ethernet interface",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-37990"
},
{
"db": "CNVD",
"id": "CNVD-2024-38011"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-37990",
"trust": 1.6
},
{
"db": "SIEMENS",
"id": "SSA-765405",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2024-38011",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38011"
},
{
"db": "NVD",
"id": "CVE-2024-37990"
}
]
},
"id": "VAR-202409-0243",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38011"
}
],
"trust": 1.07222222
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38011"
}
]
},
"last_update_date": "2024-09-19T00:53:48.672000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Siemens SIMATIC RFID Readers Hidden Function Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/590346"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38011"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-912",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2024-37990"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38011"
},
{
"db": "NVD",
"id": "CVE-2024-37990"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-38011"
},
{
"db": "NVD",
"id": "CVE-2024-37990"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-38011"
},
{
"date": "2024-09-10T10:15:10.227000",
"db": "NVD",
"id": "CVE-2024-37990"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-38011"
},
{
"date": "2024-09-18T15:27:53.563000",
"db": "NVD",
"id": "CVE-2024-37990"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC RFID Readers Hidden Function Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38011"
}
],
"trust": 0.6
}
}