OTPulse

Multiple Vulnerabilities in SIMATIC RF160B before V2.2

Act Now | CVSS 9.8 | SSA-770721 | Mar 12, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

SIMATIC RF160B contains multiple vulnerabilities including buffer overflows (CWE-119, CWE-125), improper input validation (CWE-20), weak cryptography (CWE-326, CWE-330), missing authentication (CWE-287, CWE-863), and broken access controls (CWE-732, CWE-862, CWE-863). These flaws allow an attacker with network access to execute arbitrary code within a privileged process context without authentication. The vulnerabilities span unsafe memory operations, inadequate input handling, weak encryption practices, and permission/authorization bypass mechanisms.

What this means
What could happen
An attacker with network access to the RF160B could run arbitrary code with system privileges, potentially allowing them to modify or intercept RFID reader operations, alter or forge access control data, or disrupt identification and authorization functions in controlled facilities.
Who's at risk
Manufacturing facilities, warehouses, logistics centers, and access control systems that rely on the SIMATIC RF160B RFID reader module. This includes any production line or material handling system using RF160B for identification, inventory tracking, or entry authorization. Facilities in automotive, pharma, food/beverage, and general manufacturing should prioritize this update.
How it could be exploited
An attacker on the network sends a specially crafted packet to the RF160B device exploiting one of the multiple vulnerabilities (buffer overflow, improper input validation, weak cryptography, or missing authentication checks). The device processes the packet without proper validation and executes the attacker's code in a privileged context.
Prerequisites
  • Network access to the RF160B device
  • No authentication required
remotely exploitable · no authentication required · low complexity · actively exploited · critically high CVSS (9.8) · EPSS score 62.7% (high exploit probability)
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (1)
Product | Affected Versions | Fix Status
SIMATIC RF160B (6GT2003-0FA00) | <V2.2 | 2.2
Remediation & Mitigation
Do now
HOTFIX: Update SIMATIC RF160B firmware to version 2.2 or later
CVEs (157)