Login Sign Up

CVE-2024-37994

4.3 MEDIUM

📋 TL;DR

This vulnerability affects multiple Siemens SIMATIC RFID reader models, allowing attackers to access hidden debug functionality that reveals internal configuration details. Organizations using these devices in industrial environments are affected, potentially exposing sensitive operational information.

💻 Affected Systems

Products:
  • SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0)
  • SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0)
  • SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0)
  • SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0)
  • SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0)
  • SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0)
  • SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0)
  • SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0)
  • SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0)
  • SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0)
  • SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0)
  • SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0)
  • SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0)
  • SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0)
  • SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0)
  • SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0)
  • SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0)
  • SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0)
  • SIMATIC RF1140R (6GT2831-6CB00)
  • SIMATIC RF1170R (6GT2831-6BB00)
  • SIMATIC RF166C (6GT2002-0EE20)
  • SIMATIC RF185C (6GT2002-0JE10)
  • SIMATIC RF186C (6GT2002-0JE20)
  • SIMATIC RF186CI (6GT2002-0JE50)
  • SIMATIC RF188C (6GT2002-0JE40)
  • SIMATIC RF188CI (6GT2002-0JE60)
  • SIMATIC RF360R (6GT2801-5BA30)
Versions: All versions below V4.2 for RF6xxR models, below V1.1 for RF11xxR models, below V2.2 for RF1xxC models, below V2.2 for RF360R
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects multiple product lines with different regional certifications (CMIIT, ETSI, FCC, ARIB). All devices with default configurations are vulnerable.

📦 What is this software?

Simatic Reader Rf610r Cmiit Firmware by Siemens

View all CVEs affecting Simatic Reader Rf610r Cmiit Firmware →

Simatic Reader Rf610r Etsi Firmware by Siemens

View all CVEs affecting Simatic Reader Rf610r Etsi Firmware →

Simatic Reader Rf610r Fcc Firmware by Siemens

View all CVEs affecting Simatic Reader Rf610r Fcc Firmware →

Simatic Reader Rf615r Cmiit Firmware by Siemens

View all CVEs affecting Simatic Reader Rf615r Cmiit Firmware →

Simatic Reader Rf615r Etsi Firmware by Siemens

View all CVEs affecting Simatic Reader Rf615r Etsi Firmware →

Simatic Reader Rf615r Fcc Firmware by Siemens

View all CVEs affecting Simatic Reader Rf615r Fcc Firmware →

Simatic Reader Rf650r Arib Firmware by Siemens

View all CVEs affecting Simatic Reader Rf650r Arib Firmware →

Simatic Reader Rf650r Cmiit Firmware by Siemens

View all CVEs affecting Simatic Reader Rf650r Cmiit Firmware →

Simatic Reader Rf650r Etsi Firmware by Siemens

View all CVEs affecting Simatic Reader Rf650r Etsi Firmware →

Simatic Reader Rf650r Fcc Firmware by Siemens

View all CVEs affecting Simatic Reader Rf650r Fcc Firmware →

Simatic Reader Rf680r Arib Firmware by Siemens

View all CVEs affecting Simatic Reader Rf680r Arib Firmware →

Simatic Reader Rf680r Cmiit Firmware by Siemens

View all CVEs affecting Simatic Reader Rf680r Cmiit Firmware →

Simatic Reader Rf680r Etsi Firmware by Siemens

View all CVEs affecting Simatic Reader Rf680r Etsi Firmware →

Simatic Reader Rf680r Fcc Firmware by Siemens

View all CVEs affecting Simatic Reader Rf680r Fcc Firmware →

Simatic Reader Rf685r Arib Firmware by Siemens

View all CVEs affecting Simatic Reader Rf685r Arib Firmware →

Simatic Reader Rf685r Cmiit Firmware by Siemens

View all CVEs affecting Simatic Reader Rf685r Cmiit Firmware →

Simatic Reader Rf685r Etsi Firmware by Siemens

View all CVEs affecting Simatic Reader Rf685r Etsi Firmware →

Simatic Reader Rf685r Fcc Firmware by Siemens

View all CVEs affecting Simatic Reader Rf685r Fcc Firmware →

Simatic Rf1140r Firmware by Siemens

View all CVEs affecting Simatic Rf1140r Firmware →

Simatic Rf1170r Firmware by Siemens

View all CVEs affecting Simatic Rf1170r Firmware →

Simatic Rf166c Firmware by Siemens

View all CVEs affecting Simatic Rf166c Firmware →

Simatic Rf185c Firmware by Siemens

View all CVEs affecting Simatic Rf185c Firmware →

Simatic Rf186c Firmware by Siemens

View all CVEs affecting Simatic Rf186c Firmware →

Simatic Rf186ci Firmware by Siemens

View all CVEs affecting Simatic Rf186ci Firmware →

Simatic Rf188c Firmware by Siemens

View all CVEs affecting Simatic Rf188c Firmware →

Simatic Rf188ci Firmware by Siemens

View all CVEs affecting Simatic Rf188ci Firmware →

Simatic Rf360r Firmware by Siemens

View all CVEs affecting Simatic Rf360r Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain detailed insight into network architecture, device configurations, and operational parameters, enabling further targeted attacks on industrial control systems.

🟠

Likely Case

Unauthorized access to device configuration data, potentially revealing network topology and device settings that could facilitate reconnaissance for future attacks.

🟢

If Mitigated

Limited information disclosure with no direct system compromise, but still providing attackers with valuable reconnaissance data.

🌐 Internet-Facing: MEDIUM - If devices are directly internet-accessible, attackers could remotely exploit this vulnerability to gather configuration intelligence.
🏢 Internal Only: MEDIUM - Even internally, attackers with network access could use this to map industrial networks and gather intelligence for lateral movement.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability involves accessing hidden debug functionality, which typically requires minimal technical skill once the method is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V4.2 for RF6xxR models, V1.1 for RF11xxR models, V2.2 for RF1xxC and RF360R models

Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-765405.html

Restart Required: Yes

Instructions:

1. Download firmware updates from Siemens Industrial Online Support. 2. Backup current configuration. 3. Apply firmware update following Siemens documentation. 4. Verify update completion and restore configuration if needed. 5. Test device functionality.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate affected RFID readers from untrusted networks and limit access to authorized management systems only.

Access Control Lists

all

Implement strict network access controls to prevent unauthorized access to device management interfaces.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate affected devices from untrusted networks
  • Monitor network traffic to/from affected devices for unusual access patterns or configuration queries

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via web interface or management software. Compare against affected version ranges.

Check Version:

Use Siemens SIMATIC RF Manager or web interface to check firmware version

Verify Fix Applied:

Verify firmware version is at or above V4.2 for RF6xxR, V1.1 for RF11xxR, V2.2 for RF1xxC and RF360R models.

📡 Detection & Monitoring

Log Indicators:

  • Unusual access to device configuration interfaces
  • Multiple failed authentication attempts followed by configuration access
  • Access from unauthorized IP addresses to device management ports

Network Indicators:

  • Unusual traffic patterns to device management ports (typically HTTP/HTTPS)
  • Configuration queries from unexpected sources
  • Traffic to debug or diagnostic endpoints

SIEM Query:

source_ip IN (RFID_device_ips) AND (dest_port IN (80,443,8080) OR uri CONTAINS 'debug' OR uri CONTAINS 'config')

📊 Metadata

CVE ID: CVE-2024-37994
CVSS v3 Score: 4.3 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CWE: CWE-912
Published: September 10, 2024
Last Updated: September 18, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-37994, you might also want to check these:

CVE-2024-39754 10.0

A critical static login vulnerability in Wavlink AC3000 routers allows unauthenticated remote attack...

Same vulnerability type (CWE-912)
CVE-2020-12504 9.8

This CVE describes an improper authorization vulnerability in Pepperl+Fuchs Comtrol RocketLinx indus...

Same vulnerability type (CWE-912)
CVE-2024-45697 9.8

This vulnerability affects certain D-Link wireless routers where the telnet service is automatically...

Same vulnerability type (CWE-912)