CVE-2024-37990
📋 TL;DR
This vulnerability affects multiple Siemens SIMATIC RFID reader models, allowing attackers with privileged access to modify configuration files and enable unauthorized features. The flaw impacts industrial automation systems using these devices, potentially compromising operational integrity.
💻 Affected Systems
- SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0)
- SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0)
- SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0)
- SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0)
- SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0)
- SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0)
- SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0)
- SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0)
- SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0)
- SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0)
- SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0)
- SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0)
- SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0)
- SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0)
- SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0)
- SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0)
- SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0)
- SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0)
- SIMATIC RF1140R (6GT2831-6CB00)
- SIMATIC RF1170R (6GT2831-6BB00)
- SIMATIC RF166C (6GT2002-0EE20)
- SIMATIC RF185C (6GT2002-0JE10)
- SIMATIC RF186C (6GT2002-0JE20)
- SIMATIC RF186CI (6GT2002-0JE50)
- SIMATIC RF188C (6GT2002-0JE40)
- SIMATIC RF188CI (6GT2002-0JE60)
- SIMATIC RF360R (6GT2801-5BA30)
⚠️ Risk & Real-World Impact
Worst Case
An attacker could enable hidden or restricted device features, potentially disrupting industrial processes, bypassing security controls, or gaining unauthorized access to connected systems.
Likely Case
Malicious insiders or compromised accounts could modify device configurations to enable unauthorized functionality, potentially affecting RFID operations and connected industrial control systems.
If Mitigated
With proper access controls and network segmentation, the impact is limited to authorized personnel who could still misuse their privileges.
🎯 Exploit Status
Exploitation requires privileged access to the device configuration interface. No public exploit code is known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: V4.2 for RF6xxR models, V1.1 for RF11xxR models, V2.2 for RF1xxC and RF360R models
Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-765405.html
Restart Required: Yes
Instructions:
1. Download firmware updates from Siemens Industrial Online Support.
2. Backup device configurations.
3. Apply firmware update following Siemens documentation.
4. Verify successful update and restore configurations if needed.
5. Test device functionality in operational environment.
🔧 Temporary Workarounds
Restrict Access Controls
Limit privileged access to device configuration interfaces to only authorized personnel
Network Segmentation
Isolate RFID readers in separate network segments with strict access controls
🧯 If You Can't Patch
- Implement strict access controls and least privilege principles for device administration
- Monitor configuration changes and implement change control procedures
🔍 How to Verify
Check if Vulnerable:
Check device firmware version via web interface or management software. Compare against affected versions listed in advisory.
Check Version:
Use Siemens SIMATIC RF-Manager or web interface to check firmware version
Verify Fix Applied:
Verify firmware version is at or above V4.2 for RF6xxR, V1.1 for RF11xxR, V2.2 for RF1xxC and RF360R models
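The version comparison above can be run over an asset inventory. The following is an added example, not Siemens tooling: the model list and fixed versions are taken from this page, while the function names and the version string format (`V4.1.3`, `2.2.0`) are assumptions.

```python
import re

# Fixed firmware versions from this page, grouped by device family.
FIXED_BY_FAMILY = {
    (4, 2): ["RF610R", "RF615R", "RF650R", "RF680R", "RF685R"],   # RF6xxR
    (1, 1): ["RF1140R", "RF1170R"],                               # RF11xxR
    (2, 2): ["RF166C", "RF185C", "RF186C", "RF186CI",
             "RF188C", "RF188CI", "RF360R"],                      # RF1xxC, RF360R
}
FIXED = {m: v for v, models in FIXED_BY_FAMILY.items() for m in models}

# Assumed shape of a model token inside an inventory string, e.g. "RF186CI".
MODEL_TOKEN = re.compile(r"\bRF\d{3,4}[A-Z]{1,2}\b")


def parse_version(text):
    """Turn 'V4.1.3' or '2.2' into a tuple of ints; raise ValueError otherwise."""
    m = re.fullmatch(r"\s*[Vv]?(\d+(?:\.\d+)*)\s*", text)
    if not m:
        raise ValueError(f"unparseable firmware version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def assess(model, firmware):
    """Return 'fixed', 'vulnerable', 'unknown-version' or 'not-listed'."""
    fixed = next((FIXED[t] for t in MODEL_TOKEN.findall(model.upper())
                  if t in FIXED), None)
    if fixed is None:
        return "not-listed"
    try:
        current = parse_version(firmware)
    except ValueError:
        return "unknown-version"   # treat as needing manual review
    # Pad to equal length so that V4.2 and V4.2.0 compare as equal.
    width = max(len(current), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return "fixed" if pad(current) >= pad(fixed) else "vulnerable"


if __name__ == "__main__":
    # Constructed inventory rows for illustration only.
    for row in [("SIMATIC Reader RF680R ETSI", "V4.1.3"),
                ("SIMATIC RF1170R", "V1.1"),
                ("SIMATIC RF186CI", "2.2.0"),
                ("SIMATIC RF360R", "V2.1")]:
        print(row, "->", assess(*row))
```
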
📡 Detection & Monitoring
Log Indicators:
- Unauthorized configuration changes
- Unexpected feature activation
- Multiple failed login attempts followed by configuration changes
Network Indicators:
- Unusual network traffic from RFID readers
- Configuration file transfer to/from devices
SIEM Query:
Search for configuration change events on RFID reader devices outside of maintenance windows
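A sketch of the two log indicators above as detection logic (added example, not from the vendor advisory). The log line layout, event names, device names and the maintenance window are all constructed assumptions; map them to whatever your readers or syslog collector actually emit.

```python
from datetime import datetime, timedelta

# Constructed sample events; the field layout is an assumption,
# not a Siemens log format. Lines are expected in time order.
SAMPLE = """\
2024-07-10T02:14:07 reader-07 LOGIN_FAILED user=admin
2024-07-10T02:14:19 reader-07 LOGIN_FAILED user=admin
2024-07-10T02:14:31 reader-07 LOGIN_FAILED user=admin
2024-07-10T02:15:02 reader-07 LOGIN_OK user=admin
2024-07-10T02:16:40 reader-07 CONFIG_CHANGE user=admin
2024-07-13T22:30:00 reader-02 LOGIN_OK user=svc-maint
2024-07-13T22:31:10 reader-02 CONFIG_CHANGE user=svc-maint
"""

# Hypothetical approved maintenance window as (start, end).
WINDOWS = [(datetime(2024, 7, 13, 22, 0), datetime(2024, 7, 14, 2, 0))]


def detect(log_text, windows, fail_threshold=3,
           lookback=timedelta(minutes=10)):
    """Return (device, timestamp, reason) alerts for configuration changes."""
    failures = {}   # device -> timestamps of failed logins
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue   # skip blank or malformed lines
        ts = datetime.fromisoformat(parts[0])
        device, event = parts[1], parts[2]
        if event == "LOGIN_FAILED":
            failures.setdefault(device, []).append(ts)
        elif event == "CONFIG_CHANGE":
            # Indicator 1: change outside every approved window.
            if not any(start <= ts <= end for start, end in windows):
                alerts.append((device, ts.isoformat(),
                               "outside-maintenance-window"))
            # Indicator 2: burst of failed logins shortly before the change.
            recent = [f for f in failures.get(device, [])
                      if ts - lookback <= f <= ts]
            if len(recent) >= fail_threshold:
                alerts.append((device, ts.isoformat(),
                               "failed-logins-before-change"))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE, WINDOWS):
        print(alert)
```
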