CVE Tools
Sign in

CVE-2024-37995

Published: Sep 10, 2024Updated: Sep 18, 2024 Sources: CVE List NVD BDU csafCWE-703
NVD MITRE
2.7CVSSLOW
EPSS Score
0.3%
Top 82.3%
CISA KEV
Not in KEV
Exploits
No Known Exploits
Remediation
Patch Available

Description

A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected application improperly handles error while a faulty certificate upload leading to crashing of application. This vulnerability could allow an attacker to disclose sensitive information.

CVSS Vector Breakdown

AV:NAC:LPR:HUI:NS:UC:NI:NA:L
Exploitability
AV:NAttack Vector
Network
AC:LAttack Complexity
Low
PR:HPrivileges Required
High
UI:NUser Interaction
None
Scope
S:UScope
Unchanged
Impact
C:NConfidentiality
None
I:NIntegrity
None
A:LAvailability
Low
Open in CVSS calculator →

Weaknesses

CWE-703NVD-CWE-noinfo

Affected Products

SIMATIC Reader RF610R CMIITSiemensICS / OT / IoT
SIMATIC Reader RF610R ETSISiemensICS / OT / IoT
SIMATIC Reader RF610R FCCSiemensICS / OT / IoT
SIMATIC Reader RF615R CMIITSiemensICS / OT / IoT
SIMATIC Reader RF615R ETSISiemensICS / OT / IoT
siemenscommercialDEEnterprise Softwareaka siemens ag
and 74 more affected products View all →

Exploitability

Official Patch Available

References

https://cert-portal.siemens.com/productcert/html/ssa-765405.html
cert-portal.siemens.com
https://nvd.nist.gov/vuln/detail/CVE-2024-37995&#13;
nvd.nist.gov
https://cert-portal.siemens.com/productcert/csaf/ssa-765405.json
cert-portal.siemens.com
and 8 more references View all →

Timeline

Published
Sep 10, 2024
Last Updated
Sep 18, 2024

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2024-37995 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows