OTPulse

Multiple Vulnerabilities in SIMATIC RFID Readers

Monitor · CVSS 6.5 · SSA-765405 · Sep 10, 2024
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary

SIMATIC RFID Readers contain multiple vulnerabilities including denial-of-service, exposure of hidden functionality, and information disclosure. The vulnerabilities affect RF610R, RF615R, RF650R, RF680R, RF685R (versions prior to 4.2), RF1140R, RF1170R (versions prior to 1.1), and RF166C, RF185C, RF186C, RF186CI, RF188C, RF188CI, RF360R (versions prior to 2.2). An attacker with authentication credentials could cause the reader to become unresponsive, access sensitive configuration data, or trigger unintended operational modes.

What this means
What could happen
An attacker with engineering access could cause RFID readers to stop responding (denial of service), extract sensitive configuration or tag data, or trigger unintended functions that could disrupt inventory tracking or access control operations.
Who's at risk
Facilities using Siemens SIMATIC RFID readers for inventory tracking, access control, or supply chain applications should prioritize updates. This includes manufacturing plants, warehouses, distribution centers, and access control systems that rely on RF610R, RF615R, RF650R, RF680R, RF685R, RF1140R, RF1170R, RF166C, RF185C, RF186C, RF188C, and RF360R reader models.
How it could be exploited
An attacker with high-level privileges on the network or physical access to engineering interfaces could send specially crafted commands to the RFID reader to trigger the vulnerability. This requires authenticated access to the reader's configuration or management interface.
Prerequisites
  • Network access to the RFID reader's management interface (typically port 80/443 or proprietary port)
  • Valid engineering workstation credentials or administrative access
  • Knowledge of the reader's configuration protocol
  • Requires high-level authentication (reduces exploitability)
  • Low complexity attack
  • Could cause operational disruption
  • Multiple product variants affected
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (27)
27 with fix
Product                        Affected Versions    Fix Status
SIMATIC Reader RF610R CMIIT    < V4.2               4.2
SIMATIC Reader RF610R ETSI     < V4.2               4.2
SIMATIC Reader RF610R FCC      < V4.2               4.2
SIMATIC Reader RF615R CMIIT    < V4.2               4.2
SIMATIC Reader RF615R ETSI     < V4.2               4.2
Remediation & Mitigation
Do now
HARDENING: Restrict network access to RFID reader management interfaces using firewall rules to limit access to authorized engineering workstations only
HARDENING: Review and enforce strong authentication controls on engineering interfaces to prevent unauthorized configuration changes
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update SIMATIC Reader RF610R to firmware version 4.2 or later
HOTFIX: Update SIMATIC Reader RF615R to firmware version 4.2 or later
HOTFIX: Update SIMATIC Reader RF650R to firmware version 4.2 or later
HOTFIX: Update SIMATIC Reader RF680R to firmware version 4.2 or later
HOTFIX: Update SIMATIC Reader RF685R to firmware version 4.2 or later
HOTFIX: Update SIMATIC RF1140R to firmware version 1.1 or later
HOTFIX: Update SIMATIC RF1170R to firmware version 1.1 or later
HOTFIX: Update SIMATIC RF166C to firmware version 2.2 or later
HOTFIX: Update SIMATIC RF185C to firmware version 2.2 or later
HOTFIX: Update SIMATIC RF186C to firmware version 2.2 or later
HOTFIX: Update SIMATIC RF186CI to firmware version 2.2 or later
HOTFIX: Update SIMATIC RF188C to firmware version 2.2 or later
HOTFIX: Update SIMATIC RF188CI to firmware version 2.2 or later
HOTFIX: Update SIMATIC RF360R to firmware version 2.2 or later
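
Added example (not part of the advisory and not Siemens or OTPulse tooling): a Python triage of an asset inventory against the fixed firmware versions listed above. The inventory rows, hostnames, status labels and function names are constructed for illustration; the model-to-version mapping is the one stated in this advisory.

```python
import re

# Fixed firmware version per reader model, taken from the advisory text above.
FIXED = {
    **dict.fromkeys(["RF610R", "RF615R", "RF650R", "RF680R", "RF685R"], (4, 2)),
    **dict.fromkeys(["RF1140R", "RF1170R"], (1, 1)),
    **dict.fromkeys(["RF166C", "RF185C", "RF186C", "RF186CI",
                     "RF188C", "RF188CI", "RF360R"], (2, 2)),
}
MODEL_RE = re.compile(r"\bRF\d+[A-Z]+\b")   # RF186CI must not collapse to RF186C
VERSION_RE = re.compile(r"^V?(\d+(?:\.\d+)*)$", re.IGNORECASE)


def parse_version(text):
    """'V4.1.3' -> (4, 1, 3); None when the string is not a dotted version."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(part) for part in m.group(1).split(".")) if m else None


def triage(product, firmware):
    """Return 'update', 'ok', 'check-manually' or 'not-listed' for one reader."""
    m = MODEL_RE.search(product.upper())
    if not m or m.group(0) not in FIXED:
        return "not-listed"            # model is not named in this advisory
    version = parse_version(firmware)
    if version is None:
        return "check-manually"        # never assume an unreadable version is patched
    fixed = FIXED[m.group(0)]
    # Pad to equal length and compare numerically: 4.2 == 4.2.0 and 4.10 > 4.2.
    width = max(len(version), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return "ok" if pad(version) >= pad(fixed) else "update"


def readers_needing_action(inventory):
    """Filter (host, product, firmware) rows down to those that need attention."""
    results = ((host, triage(product, fw)) for host, product, fw in inventory)
    return [(host, status) for host, status in results
            if status in ("update", "check-manually")]


# Constructed sample inventory: hostnames and firmware strings are made up.
INVENTORY = [
    ("dock-01", "SIMATIC Reader RF610R ETSI", "V4.1"),
    ("dock-02", "SIMATIC Reader RF685R", "V4.10"),
    ("gate-01", "SIMATIC RF186CI", "2.2.0"),
    ("gate-02", "SIMATIC RF1170R", "V1.0.5"),
    ("line-03", "SIMATIC RF360R", "unknown"),
]
```

Readers whose firmware string cannot be parsed are reported for manual checking rather than treated as patched.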