PatchSiren cyber security CVE debrief
CVE-2024-37994 Siemens CVE debrief
A hidden debug configuration item in Siemens SIMATIC RFID readers could allow authenticated attackers to gain insight into internal deployment configurations. The vulnerability affects 27 SIMATIC Reader and RF communication module products across multiple regional variants (ARIB, CMIIT, ETSI, FCC). CISA published this advisory on September 10, 2024, with a revision on May 6, 2025 to fix typos. Siemens has released firmware updates to address this issue, with version requirements varying by product family.
- Vendor: Siemens
- Product: SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0)
- CVSS: MEDIUM 4.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-09-10
- Original CVE updated: 2025-05-06
- Advisory published: 2024-09-10
- Advisory updated: 2025-05-06
Who should care
Organizations operating Siemens SIMATIC RFID systems in manufacturing, logistics, and industrial automation environments should prioritize this update. Security teams managing OT/ICS networks, asset owners with RFID-enabled supply chain operations, and compliance officers responsible for industrial cybersecurity frameworks should assess exposure and apply mitigations.
Technical summary
The affected Siemens SIMATIC RFID reader firmware contains a hidden configuration parameter that enables debug functionality. When activated, this functionality exposes internal deployment configuration details to authenticated users. Exploitation requires network access and low privileges; attack complexity is low, and no user interaction is required. The CVSS 3.1 base score is 4.3 (MEDIUM). The scored impact is limited to low integrity, with no direct confidentiality or availability effects, though information gained could facilitate further attacks.
Defensive priority
medium
Recommended defensive actions
- Review inventory for affected Siemens SIMATIC RFID reader models and apply vendor-supplied firmware updates: RF610R/RF615R/RF650R/RF680R/RF685R readers to V4.2 or later; RF1140R/RF1170R to V1.1 or later; RF166C/RF185C/RF186C/RF186CI/RF188C/RF188CI to V2.2 or later; RF360R to V2.2 or later
- Restrict network access to affected RFID readers to authorized personnel only
- Monitor for unauthorized configuration changes or unexpected diagnostic output
- Apply defense-in-depth strategies per CISA ICS recommended practices for industrial control systems
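The inventory review in the first action can be scripted. The following is an added example, not code from Siemens, CISA or this page's publisher: it classifies asset rows against the minimum fixed firmware versions listed above. The inventory rows, the regular expressions and the status labels are assumptions made for illustration.

```python
import re

# Minimum fixed firmware per reader family, from this page's recommended actions.
FIXED_IN = {
    (4, 2): ("RF610R", "RF615R", "RF650R", "RF680R", "RF685R"),
    (1, 1): ("RF1140R", "RF1170R"),
    (2, 2): ("RF166C", "RF185C", "RF186C", "RF186CI", "RF188C", "RF188CI", "RF360R"),
}
MIN_FIXED = {model: ver for ver, models in FIXED_IN.items() for model in models}

# Family token inside a product name; regional variant and order number are ignored.
MODEL_RE = re.compile(r"\bRF\d{3,4}(?:R|CI|C)\b")
VERSION_RE = re.compile(r"[Vv]?(\d+(?:\.\d+)*)")


def parse_version(text):
    """'V4.10' -> (4, 10). Numeric tuples avoid the string trap '4.10' < '4.2'."""
    match = VERSION_RE.fullmatch(text.strip())
    if match is None:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def triage(product, firmware):
    """Classify one asset: 'update', 'fixed', 'check-manually' or 'not-listed'."""
    match = MODEL_RE.search(product.upper())
    if match is None or match.group(0) not in MIN_FIXED:
        return "not-listed"
    try:
        have = parse_version(firmware)
    except ValueError:
        return "check-manually"  # never assume an unreadable version is patched
    need = MIN_FIXED[match.group(0)]
    width = max(len(have), len(need))
    have += (0,) * (width - len(have))  # so 'V4.2' and 'V4.2.0' compare equal
    need += (0,) * (width - len(need))
    return "fixed" if have >= need else "update"


# Constructed inventory rows (product name, reported firmware); not real asset data.
INVENTORY = [
    ("SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0)", "V4.1.3"),
    ("SIMATIC Reader RF685R ETSI", "V4.10"),
    ("SIMATIC RF186CI", "V2.2"),
    ("SIMATIC RF1170R", "1.0"),
    ("SIMATIC RF360R", "n/a"),
    ("Unrelated barcode scanner", "V1.0"),
]

if __name__ == "__main__":
    for product, firmware in INVENTORY:
        print(f"{triage(product, firmware):15} {firmware:8} {product}")
```

Rows reported as `check-manually` or `update` are the ones to follow up; the vendor advisory remains the authority for the full list of 27 affected products.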
Evidence notes
The vulnerability description and affected product list are derived from CISA CSAF advisory ICSA-24-256-07, which references Siemens security advisory SSA-765405. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) indicates a network-accessible attack vector with low attack complexity, requiring low privileges and resulting in low integrity impact with no confidentiality or availability impact.
Official resources
- CVE-2024-37994 CVE record (CVE.org)
- CVE-2024-37994 NVD detail (NVD)
- Source item URL (cisa_csaf)
2024-09-10