PatchSiren cyber security CVE debrief
CVE-2024-37991 Siemens CVE debrief
CVE-2024-37991 is a medium-severity information disclosure vulnerability affecting 27 Siemens SIMATIC RFID reader products. The vulnerability allows unauthenticated attackers to access service log files without proper authentication, potentially exposing sensitive operational information. The issue was disclosed on September 10, 2024, and affects multiple product families including RF610R, RF615R, RF650R, RF680R, RF685R readers, RF166C/RF185C/RF186C/RF188C communication modules, and RF360R/RF1140R/RF1170R readers. Siemens has released firmware updates to address this vulnerability, with specific version requirements varying by product line.
- Vendor
- Siemens
- Product
- SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0)
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-09-10
- Original CVE updated
- 2025-05-06
- Advisory published
- 2024-09-10
- Advisory updated
- 2025-05-06
Who should care
Organizations operating Siemens SIMATIC RFID systems in manufacturing, logistics, supply chain, and industrial automation environments should prioritize assessment and patching. Security teams responsible for OT/ICS networks, asset owners with RFID-enabled tracking systems, and compliance officers managing industrial cybersecurity frameworks should evaluate exposure.
Technical summary
The affected Siemens SIMATIC RFID readers and communication modules expose service log files without requiring authentication. An unauthenticated attacker with network access to the device can retrieve these log files, which may contain sensitive operational data, configuration details, or diagnostic information. The attack requires network connectivity to the target device and some form of user interaction, with high attack complexity reducing but not eliminating exploitation risk. The vulnerability is confined to confidentiality impact with no direct effect on system integrity or availability.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates: RF1140R and RF1170R to V1.1 or later; RF166C, RF185C, RF186C, RF186CI, RF188C, RF188CI, and RF360R to V2.2 or later; RF610R, RF615R, RF650R, RF680R, and RF685R readers to V4.2 or
- Restrict network access to affected RFID readers using firewall rules or network segmentation
- Monitor for unauthorized access attempts to service log file endpoints
- Review and rotate any credentials or keys that may have been logged in service files
- Implement defense-in-depth strategies for industrial control systems per CISA guidance
Evidence notes
The vulnerability description and affected product list are derived from CISA CSAF advisory ICSA-24-256-07, which references Siemens security advisory SSA-765405. The CVSS 3.1 vector (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N) indicates network attack vector with high attack complexity, no privileges required, user interaction required, and high confidentiality impact with no integrity or availability impact.
Official resources
-
CVE-2024-37991 CVE record
CVE.org
-
CVE-2024-37991 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-09-10