PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-37993 Siemens CVE debrief

CVE-2024-37993 is a medium-severity vulnerability affecting 27 Siemens SIMATIC RFID readers and communication modules. The web application on these devices does not require authentication for Ajax2App instance creation, so an unauthenticated attacker with network access to the device can trigger a denial-of-service condition. Published September 10, 2024 and last modified May 6, 2025, the vulnerability carries a CVSS 3.1 base score of 5.3. Siemens has released firmware updates; the minimum fixed version differs by product family (V1.1, V2.2 or V4.2, depending on the model). Organizations should prioritize patching by the models they actually have deployed and, where an immediate update is not feasible, isolate the readers at the network level as a compensating control.

Vendor: Siemens
Product: SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0)
CVSS: 5.3 (Medium)
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-09-10
Original CVE updated: 2025-05-06
Advisory published: 2024-09-10
Advisory updated: 2025-05-06

Who should care

Organizations operating Siemens SIMATIC RFID systems in manufacturing, logistics and supply chain environments should assess their exposure first. Security teams in industrial environments that depend on RFID-based tracking need to establish whether the affected readers are reachable from outside their cell or zone. OT security practitioners responsible for asset inventory and patch management should verify deployed firmware versions against the fixed versions. Network administrators managing segmented industrial networks should review the access controls in front of RFID reader subnets. Compliance teams tracking ICS-CERT advisories for regulatory reporting should document the remediation status of each affected device.

Technical summary

The vulnerability is in the web application of the affected SIMATIC RFID readers and communication modules: the endpoint that creates Ajax2App instances does not require authentication. A remote attacker with network access to the device's web interface can therefore create Ajax2App instances without credentials, and the advisory rates the resulting impact as a denial of service of the affected device, presumably through resource exhaustion from repeated instance creation, although the advisory does not describe the mechanism. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) describes a network-reachable attack of low complexity that needs neither privileges nor user interaction, does not change scope, and has no confidentiality or integrity impact and a low availability impact, which yields the 5.3 base score. The same flaw appears in 27 product variants across several hardware generations, which points to a shared web application codebase. Siemens groups the remediation by product family, each with its own minimum fixed firmware version.

Defensive priority

medium

Recommended defensive actions

  • Identify all Siemens SIMATIC RFID readers and communication modules in your environment using the affected product list: the RF610R, RF615R, RF650R, RF680R and RF685R readers (all regional variants), the RF166C, RF185C, RF186C, RF186CI, RF188C and RF188CI communication modules, the RF360R reader, and the RF1000-family readers RF1140R and RF1170R.
  • Apply vendor-supplied firmware updates per product family: RF1140R and RF1170R to V1.1 or later; RF166C, RF185C, RF186C, RF186CI, RF188C, RF188CI and RF360R to V2.2 or later; RF610R, RF615R, RF650R, RF680R and RF685R to V4.2 or later.
  • Restrict network access to affected RFID readers using firewall rules or VLAN segmentation, limiting connectivity to authorized engineering workstations and control system networks only.
  • Monitor HTTP traffic to the readers' web interfaces for connection attempts from unexpected source addresses or outside maintenance windows. The advisory does not publish the Ajax2App endpoint path, so baseline the normal management traffic to each reader rather than trying to match on a specific URL.
  • Verify firmware versions during scheduled maintenance and incorporate firmware version tracking into asset inventory procedures for industrial control systems.
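The inventory and firmware steps above reduce to one check: map each device's model string to its product family and compare the running firmware against that family's minimum fixed version. The script below is an added example, not Siemens or CISA code; the fixed versions are taken from the remediation list on this page, the model-matching regular expressions are an assumption about how model strings appear in an asset database, and the inventory is constructed sample data.

```python
"""Triage a SIMATIC RFID asset inventory against the CVE-2024-37993 fix versions.

Added example, not Siemens or CISA code. Minimum fixed firmware per family is
taken from the advisory remediation list; the regexes and the sample inventory
are assumptions made for illustration.
"""
import re
from typing import List, NamedTuple, Optional, Tuple

# Minimum fixed firmware per product family, from the remediation list:
#   RF1140R, RF1170R                                   -> V1.1
#   RF166C, RF185C, RF186C, RF186CI, RF188C, RF188CI, RF360R -> V2.2
#   RF610R, RF615R, RF650R, RF680R, RF685R              -> V4.2
# The model regexes assume the model string contains the bare family name
# (e.g. "SIMATIC Reader RF610R CMIIT"); adjust them to your inventory format.
FIX_VERSIONS: List[Tuple[re.Pattern, Tuple[int, ...]]] = [
    (re.compile(r"\bRF(1140|1170)R\b"), (1, 1)),
    (re.compile(r"\bRF(166C|185C|186C|186CI|188C|188CI|360R)\b"), (2, 2)),
    (re.compile(r"\bRF(610|615|650|680|685)R\b"), (4, 2)),
]


class Finding(NamedTuple):
    host: str
    model: str
    firmware: str
    status: str  # patched | vulnerable | unknown-model | unparseable-version


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Turn 'V4.2', 'v4.2.1' or '4.2' into a comparable integer tuple.

    Returns None for anything that is not a dotted numeric version, so a
    device whose firmware field is empty or garbage is reported, not skipped.
    """
    m = re.fullmatch(r"\s*[vV]?(\d+(?:\.\d+)*)\s*", text)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def minimum_fix_for(model: str) -> Optional[Tuple[int, ...]]:
    """Return the family's minimum fixed version, or None if not an affected model."""
    for pattern, minimum in FIX_VERSIONS:
        if pattern.search(model):
            return minimum
    return None


def triage(inventory: List[Tuple[str, str, str]]) -> List[Finding]:
    """Classify every (host, model, firmware) row in the inventory."""
    findings = []
    for host, model, firmware in inventory:
        minimum = minimum_fix_for(model)
        if minimum is None:
            findings.append(Finding(host, model, firmware, "unknown-model"))
            continue
        version = parse_version(firmware)
        if version is None:
            findings.append(Finding(host, model, firmware, "unparseable-version"))
            continue
        # Tuple comparison handles extra components: (4, 2, 1) >= (4, 2) is True,
        # and (4, 10) >= (4, 2) is True where a string comparison would fail.
        status = "patched" if version >= minimum else "vulnerable"
        findings.append(Finding(host, model, firmware, status))
    return findings


def hosts_with_status(findings: List[Finding], status: str) -> List[str]:
    """Sorted host names carrying the given status; handy for ticketing."""
    return sorted(f.host for f in findings if f.status == status)


# Constructed sample inventory (host, model string, reported firmware).
SAMPLE_INVENTORY = [
    ("rfid-dock-01", "SIMATIC Reader RF610R CMIIT", "V4.1.2"),
    ("rfid-dock-02", "SIMATIC Reader RF685R ETSI", "V4.2"),
    ("rfid-line-07", "SIMATIC RF186C", "V2.1"),
    ("rfid-line-08", "SIMATIC RF360R", "V2.2.1"),
    ("rfid-gate-03", "SIMATIC RF1170R", "V1.0"),
    ("rfid-gate-04", "SIMATIC RF1140R", "1.1"),
    ("rfid-old-09", "SIMATIC RF170C", "V1.3"),       # not on the affected list
    ("rfid-line-10", "SIMATIC RF188CI", "unknown"),  # firmware field not filled in
]


if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        print(f"{finding.host:14} {finding.model:30} {finding.firmware:8} {finding.status}")
```

Devices flagged "unknown-model" or "unparseable-version" deserve a manual look rather than being dropped: a model string that does not match may simply be formatted differently in your inventory, and an empty firmware field usually means nobody has checked the device recently.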

Evidence notes

The vulnerability description and the affected product list are taken from the CISA CSAF advisory ICSA-24-256-07. The remediation guidance in that advisory specifies a minimum fixed firmware version per product family. The CVSS vector confirms a network attack vector with low attack complexity and no privileges required.

Official resources

CISA advisory ICSA-24-256-07, published 2024-09-10.