CVE-2024-37990

Name: CVE-2024-37990
Creator: NVD / NIST
Published: 2024-09-10T10:15:10.227+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7/10EPSS 0.41%

Last modified Jun 17, 2026

CVE-2024-37990 is a high-severity vulnerability rated 7/10 on the CVSS scale. A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected applications contain configuration files which can be modified. EPSS estimates a 0.41% chance of exploitation in the next 30 days.

Description

A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected applications contain configuration files which can be modified. An attacker with privilege access can modify these files and enable features that are not released for this device.

Metrics

CVSS 3.1

6.5/10

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CVSS 4.0

7/10

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability

0.41%

32.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-912

Affected Software

Vendor	Product	Versions
Siemens	Simatic Rf360r Firmware	< 2.2
Siemens	Simatic Rf1170r Firmware	< 1.1
Siemens	Simatic Rf1140r Firmware	< 1.1
Siemens	Simatic Reader Rf685r Fcc Firmware	< 4.2
Siemens	Simatic Reader Rf685r Etsi Firmware	< 4.2
Siemens	Simatic Reader Rf685r Cmiit Firmware	< 4.2
Siemens	Simatic Reader Rf685r Arib Firmware	< 4.2
Siemens	Simatic Reader Rf680r Fcc Firmware	< 4.2
Siemens	Simatic Reader Rf680r Etsi Firmware	< 4.2
Siemens	Simatic Reader Rf680r Cmiit Firmware	< 4.2
Siemens	Simatic Reader Rf680r Arib Firmware	< 4.2
Siemens	Simatic Reader Rf650r Fcc Firmware	< 4.2
Siemens	Simatic Reader Rf650r Etsi Firmware	< 4.2
Siemens	Simatic Reader Rf650r Cmiit Firmware	< 4.2
Siemens	Simatic Reader Rf650r Arib Firmware	< 4.2
Siemens	Simatic Reader Rf615r Fcc Firmware	< 4.2
Siemens	Simatic Reader Rf615r Etsi Firmware	< 4.2
Siemens	Simatic Reader Rf615r Cmiit Firmware	< 4.2
Siemens	Simatic Reader Rf610r Fcc Firmware	< 4.2
Siemens	Simatic Reader Rf610r Etsi Firmware	< 4.2
Siemens	Simatic Reader Rf610r Cmiit Firmware	< 4.2
Siemens	Simatic Rf188ci Firmware	< 2.2
Siemens	Simatic Rf188c Firmware	< 2.2
Siemens	Simatic Rf186ci Firmware	< 2.2
Siemens	Simatic Rf186c Firmware	< 2.2
Siemens	Simatic Rf185c Firmware	< 2.2
Siemens	Simatic Rf166c Firmware	< 2.2

References

https://cert-portal.siemens.com/productcert/html/ssa-765405.htmlVendor Advisory

Timeline

Published: Sep 10, 2024
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2024-37990?

How severe is CVE-2024-37990?

CVE-2024-37990 has a CVSS score of 7/10 (HIGH severity). The EPSS model estimates a 0.41% probability of exploitation in the next 30 days.

How do I fix CVE-2024-37990?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-37990?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST