PatchSiren cyber security CVE debrief
CVE-2024-39675 Siemens CVE debrief
CVE-2024-39675 is a HIGH severity vulnerability (CVSS 8.8) affecting Siemens RUGGEDCOM serial industrial networking devices. In certain configurations, affected products incorrectly enable the Modbus service on non-managed VLANs, exposing serial devices to unauthorized network access. The vulnerability was published on 2024-07-09 and last modified on 2025-08-12, when CISA expanded the advisory to include additional RUGGEDCOM RSG2100P and RSG2100PNC models. The attack vector is adjacent network-based with low complexity, requiring no privileges or user interaction, and can result in complete confidentiality, integrity, and availability compromise. Siemens has released firmware updates for most affected products; however, five models (RS910L, RS910LNC, RS920L, RS920LNC, RS920W) have no planned fix. Organizations should apply vendor patches where available, disable Modbus if not required, and restrict TCP port 502 access to trusted IP addresses.
- Vendor: Siemens
- Product: RUGGEDCOM i800
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-07-09
- Original CVE updated: 2025-08-12
- Advisory published: 2024-07-09
- Advisory updated: 2025-08-12
Who should care
Organizations operating Siemens RUGGEDCOM serial industrial networking equipment in critical infrastructure, manufacturing, energy, and transportation sectors. Security teams responsible for OT/ICS network segmentation and Modbus protocol security. Asset owners with RUGGEDCOM deployments requiring VLAN isolation for serial device communications.
Technical summary
Affected Siemens RUGGEDCOM serial networking devices may incorrectly expose the Modbus service on non-managed VLANs when specific configurations are applied. This vulnerability affects 28 product variants across the RMC30, RP110, RS400, RS401, RS416, RS910, and RS920 families. The Modbus protocol typically operates on TCP port 502. The CVSS 3.1 vector (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) indicates an adjacent network attacker can achieve high impact without authentication. Siemens provides firmware updates for 23 of 28 affected products; models RS910L, RS910LNC, RS920L, RS920LNC, and RS920W have no remediation planned. Mitigation includes disabling unnecessary Modbus services, network-layer access restrictions, and applying available vendor patches.
Defensive priority
high
Recommended defensive actions
- Review inventory for affected Siemens RUGGEDCOM serial devices including RMC30, RP110, RS400, RS401, RS416, RS910, and RS920 series
- Apply vendor firmware updates: V4.3.10 or later for V4.x-based products; V5.9.0 or later for V5.x-based products
- For RS910L, RS910LNC, RS920L, RS920LNC, and RS920W models with no planned fix, implement compensating controls
- Disable Modbus Server service if not operationally required on affected systems
- Restrict TCP port 502 access to trusted IP addresses through firewall or network segmentation rules
- Verify Modbus remains disabled by default and audit configurations for unintended enablement on non-managed VLANs
- Monitor network traffic for unauthorized Modbus activity on serial device networks
- Apply defense-in-depth practices per CISA ICS guidance for industrial control system environments
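The first three actions above can be turned into an inventory triage. The following Python script is an added example, not code from PatchSiren, Siemens, or CISA; it uses the fix versions, families, and no-fix models quoted on this page. Matching families by model-name prefix, the (model, firmware) tuple format, and the sample rows are assumptions made for illustration.

```python
import re

# Values taken from the advisory summary on this page.
AFFECTED_FAMILIES = ("RMC30", "RP110", "RS400", "RS401", "RS416", "RS910", "RS920")
NO_FIX_MODELS = {"RS910L", "RS910LNC", "RS920L", "RS920LNC", "RS920W"}
FIXED_IN = {4: (4, 3, 10), 5: (5, 9, 0)}  # firmware major -> first fixed release


def parse_version(text):
    """Turn 'V4.3.8' or '5.9' into (4, 3, 8) / (5, 9, 0); None if unparseable."""
    m = re.fullmatch(r"[Vv]?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        return None
    return tuple(int(p) if p else 0 for p in m.groups())


def triage(model, firmware):
    """Classify one device. Prefix matching on the family name is an assumption."""
    name = model.upper().replace("RUGGEDCOM", "").strip()
    if name in NO_FIX_MODELS:
        # No firmware fix is planned, so the firmware version does not matter.
        return "no-fix-planned: apply compensating controls"
    if not name.startswith(AFFECTED_FAMILIES):
        return "not-in-listed-families: check the advisory product list"
    version = parse_version(firmware)
    if version is None or version[0] not in FIXED_IN:
        return "unknown-firmware: verify manually"
    fixed = FIXED_IN[version[0]]
    if version >= fixed:
        return "fixed"
    return "update-required: V%d.%d.%d or later" % fixed


# Constructed sample inventory (model, firmware); not real asset data.
SAMPLE_INVENTORY = [
    ("RUGGEDCOM RS416", "V4.3.8"),
    ("RUGGEDCOM RS416", "V5.9.0"),
    ("RUGGEDCOM RS920W", "V4.3.10"),
    ("RUGGEDCOM RP110", "4.3.10"),
    ("EXAMPLE-SWITCH", "V4.3.7"),
    ("RUGGEDCOM RMC30", "unknown"),
]

if __name__ == "__main__":
    for model, fw in SAMPLE_INVENTORY:
        print(f"{model:20} {fw:10} {triage(model, fw)}")
```

Devices reported as fixed still need the configuration audit in the list above, since the advisory also calls for confirming that Modbus is not enabled on non-managed VLANs.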
Evidence notes
CVE description and affected product list derived from CISA CSAF advisory ICSA-24-193-06. CVSS vector AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H confirms adjacent network attack with high impact. Remediation guidance including firmware versions and no-fix status extracted from CSAF remediations array. Timeline reflects 2025-08-12 modification adding RUGGEDCOM RSG2100P (32M) and RSG2100PNC (32M) per revision history.
Official resources
- CVE-2024-39675 CVE record (CVE.org)
- CVE-2024-39675 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2024-07-09