CVE-2024-38278 Siemens CVE debrief

Who should care

Organizations operating Siemens RUGGEDCOM industrial Ethernet switches and routers in critical infrastructure environments including electric utilities, transportation systems, and manufacturing facilities where these devices provide hardened network connectivity.

Technical summary

Affected Siemens RUGGEDCOM devices with IP forwarding enabled incorrectly expose remote services on non-managed VLANs regardless of whether those services are intentionally activated. This configuration error allows an attacker to establish a remote shell to the affected system. The vulnerability affects 34 product variants across multiple RUGGEDCOM families including RMC8388, RS416, RS900, RSG907R/908C/909R/910C, RSG920P, RSG2100, RSG2288, RSG2300, RSG2488, RSL910, and RST916/RST2228 series devices. IP forwarding is disabled by default, limiting exposure to systems where administrators have explicitly enabled the feature. Siemens has released firmware version 5.9.0 to address this vulnerability.

Defensive priority

high

Recommended defensive actions

• Disable IP forwarding if not required (disabled by default)
• Update affected devices to firmware version 5.9.0 or later
• Review VLAN segmentation to ensure non-managed VLANs are properly isolated
• Monitor network traffic for unauthorized access attempts to management services
• Apply defense-in-depth practices for industrial control systems per CISA guidance

Evidence notes

Vulnerability description and affected products derived from CISA CSAF advisory ICSA-24-193-06. CVSS 6.6 (Medium) per source. Vendor fix and mitigation guidance confirmed in Siemens security advisory SSA-170375. Advisory modified August 12, 2025 to add RUGGEDCOM RSG2100P (32M) and RUGGEDCOM RSG2100PNC (32M) for V4.x and V5.x to affected products list.

Official resources