PatchSiren cyber security CVE debrief
CVE-2024-37992 Siemens CVE debrief
A vulnerability in Siemens SIMATIC RFID readers allows an authenticated attacker to trigger an application restart by sending SNMP configuration data that exceeds character limits. The affected devices do not properly handle this error condition, resulting in denial of service. The vulnerability requires network access and administrative privileges (PR:H), with a CVSS 3.1 score of 4.9 (MEDIUM). Twenty-seven product variants across the SIMATIC Reader RF610R, RF615R, RF650R, RF680R, RF685R, RF1140R, RF1170R, RF166C, RF185C, RF186C, RF186CI, RF188C, RF188CI, and RF360R series are affected. Siemens has released firmware updates to address this issue, with version requirements varying by product family.
- Vendor
- Siemens
- Product
- SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0)
- CVSS
- MEDIUM 4.9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-09-10
- Original CVE updated
- 2025-05-06
- Advisory published
- 2024-09-10
- Advisory updated
- 2025-05-06
Who should care
Organizations operating Siemens SIMATIC RFID readers in industrial environments, particularly those with remote SNMP management enabled. Asset owners in manufacturing, logistics, and supply chain operations relying on continuous RFID availability should prioritize patching during maintenance windows.
Technical summary
The vulnerability exists in the SNMP configuration handling of affected SIMATIC RFID readers. When SNMP settings containing excessive character counts are submitted, the device fails to handle the resulting error gracefully, causing the application to restart. This represents an improper error handling weakness (CWE-755) in the device's management interface. The attack requires network connectivity to the device's SNMP service and valid administrative credentials. Successful exploitation results in temporary loss of RFID reader functionality until the application completes its restart cycle. No confidentiality or integrity impacts are associated with this vulnerability.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-supplied firmware updates: SIMATIC RF1140R/RF1170R to V1.1 or later; SIMATIC RF166C, RF185C, RF186C, RF186CI, RF188C, RF188CI, and RF360R to V2.2 or later; SIMATIC Reader RF610R, RF615R, RF650R, RF680R, and
Evidence notes
Vulnerability description and affected product list derived from CISA CSAF advisory ICSA-24-256-07. CVSS vector AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H confirms network-accessible, high-privilege attack vector with availability impact only. Remediation guidance specifies version thresholds by product group.
Official resources
-
CVE-2024-37992 CVE record
CVE.org
-
CVE-2024-37992 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-09-10