CVE-2024-39675: CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere in Siemens RUGGEDCOM RMC30
A vulnerability has been identified in RUGGEDCOM RMC30 (All versions < V4.3.10), RUGGEDCOM RMC30NC (All versions < V4.3.10), RUGGEDCOM RP110 (All versions < V4.3.10), RUGGEDCOM RP110NC (All versions < V4.3.10), RUGGEDCOM RS400 (All versions < V4.3.10), RUGGEDCOM RS400NC (All versions < V4.3.10), RUGGEDCOM RS401 (All versions < V4.3.10), RUGGEDCOM RS401NC (All versions < V4.3.10), RUGGEDCOM RS416 (All versions < V4.3.10), RUGGEDCOM RS416NC (All versions < V4.3.10), RUGGEDCOM RS416NCv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416P (All versions < V4.3.10), RUGGEDCOM RS416PNC (All versions < V4.3.10), RUGGEDCOM RS416PNCv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416Pv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416v2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416v2 V5.X (All versions < V5.9.0), RUGGEDCOM RS910 (All versions < V4.3.10), RUGGEDCOM RS910L (All versions), RUGGEDCOM RS910LNC (All versions), RUGGEDCOM RS910NC (All versions < V4.3.10), RUGGEDCOM RS910W (All versions < V4.3.10), RUGGEDCOM RS920L (All versions), RUGGEDCOM RS920LNC (All versions), RUGGEDCOM RS920W (All versions). In some configurations the affected products wrongly enable the Modbus service in non-managed VLANS. Only serial devices are affected by this vulnerability.
AI Analysis
Technical Summary
CVE-2024-39675 is a high-severity vulnerability affecting multiple Siemens RUGGEDCOM industrial networking devices, including RMC30, RP110, RS400, RS401, RS416, RS910, RS920 series, and their variants, specifically all versions prior to V4.3.10 or V5.9.0 depending on the model. The root cause is the improper enabling of the Modbus service on non-managed VLANs in certain configurations. Modbus is a widely used industrial communication protocol, often employed in supervisory control and data acquisition (SCADA) and other industrial control system (ICS) environments. The vulnerability is classified under CWE-497, which relates to the exposure of sensitive system information to an unauthorized control sphere. This means that unauthorized actors can gain access to sensitive system information that should otherwise be restricted, potentially allowing them to gather intelligence about the device or network configuration. The vulnerability affects only serial devices, which are commonly used in industrial environments for communication between controllers and field devices.
The CVSS v3.1 base score is 8.8, indicating a high severity level. The vector string (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) shows that the attack vector is adjacent network (AV:A), requiring low attack complexity (AC:L), no privileges (PR:N), and no user interaction (UI:N). The impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H), meaning an attacker can fully compromise the device's data and operation. The scope is unchanged (S:U), so the impact is limited to the vulnerable component.
Exploit code is not currently known to be in the wild, but the vulnerability is publicly disclosed and documented by Siemens and CISA. The exposure of sensitive system information via Modbus on non-managed VLANs could allow attackers to map network topology, identify device configurations, or launch further attacks such as command injection or denial of service. Given the critical role of RUGGEDCOM devices in industrial networks, this vulnerability poses significant risks to operational technology (OT) environments.
Potential Impact
For European organizations, especially those operating critical infrastructure such as energy utilities, transportation networks, and manufacturing plants, this vulnerability presents a substantial risk. Siemens RUGGEDCOM devices are widely deployed in European industrial and utility sectors due to their ruggedness and reliability in harsh environments. Unauthorized exposure of sensitive system information can facilitate reconnaissance by threat actors, enabling them to plan and execute targeted attacks that could disrupt industrial processes, cause equipment damage, or lead to safety incidents. The high impact on confidentiality, integrity, and availability means that attackers could not only steal sensitive operational data but also manipulate device behavior or cause outages. This is particularly concerning for sectors under strict regulatory oversight such as the European Union’s NIS2 directive, which mandates robust cybersecurity measures for essential services. The vulnerability’s exploitation could lead to operational downtime, financial losses, regulatory penalties, and reputational damage. Additionally, the fact that the Modbus service is enabled on non-managed VLANs suggests potential misconfigurations in network segmentation, increasing the attack surface. Given the interconnected nature of European industrial networks, a successful compromise could propagate risks across supply chains and cross-border operations.
Mitigation Recommendations
1. Immediate patching: Upgrade all affected Siemens RUGGEDCOM devices to the latest firmware versions (at least V4.3.10 or V5.9.0 as applicable) where the vulnerability is addressed. Siemens should be contacted for official patches if not publicly available.
2. Network segmentation review: Conduct a thorough audit of VLAN configurations to ensure that Modbus services are only enabled on managed, secure VLANs with strict access controls. Disable Modbus on any non-managed or unnecessary VLANs.
3. Access control enforcement: Implement strict network access controls using firewalls and intrusion prevention systems to limit Modbus traffic only to authorized devices and users.
4. Monitoring and anomaly detection: Deploy industrial network monitoring tools capable of detecting unusual Modbus traffic patterns or unauthorized access attempts.
5. Incident response readiness: Prepare and test incident response plans specifically for OT environments, including procedures for isolating affected devices and restoring operations.
6. Vendor coordination: Maintain communication with Siemens for updates, advisories, and support.
7. Configuration hardening: Review device configurations to disable unused services and enforce strong authentication where possible.
8. Physical security: Ensure physical access to RUGGEDCOM devices is restricted to prevent local exploitation.
9. Training and awareness: Educate OT personnel on the risks associated with Modbus exposure and best practices for secure industrial network management.
These steps go beyond generic advice by focusing on the specific vulnerability vector (Modbus on non-managed VLANs) and the operational context of RUGGEDCOM devices in industrial networks.
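To support the patching step, the following added example (not code from Siemens or from the original page) triages an asset inventory against the fix thresholds in the product list above. The host names, firmware values and the `OTHER-MODEL` entry in the sample are constructed. A version match only places a device in the affected range, since the page states that only serial devices in some configurations are exposed.

```python
import re

# Fix thresholds transcribed from the product list on this page.
FIX_4X, FIX_5X = (4, 3, 10), (5, 9, 0)
V4_ONLY = {"RMC30", "RMC30NC", "RP110", "RP110NC", "RS400", "RS400NC",
           "RS401", "RS401NC", "RS416", "RS416NC", "RS416P", "RS416PNC",
           "RS910", "RS910NC", "RS910W"}
# Models listed with separate V4.X and V5.X firmware branches.
V4_OR_V5 = {"RS416NCv2", "RS416PNCv2", "RS416Pv2", "RS416v2"}
# Models listed as "All versions": the page names no fixed release.
NO_FIX = {"RS910L", "RS910LNC", "RS920L", "RS920LNC", "RS920W"}

def parse_version(text):
    """Turn 'V4.3.10' or '4.3' into a comparable tuple such as (4, 3, 10)."""
    m = re.fullmatch(r"[Vv]?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def assess(model, firmware):
    """Classify one device against the affected ranges listed on the page."""
    model = model.replace("RUGGEDCOM", "").strip()
    if model in NO_FIX:
        return "affected-no-fix"      # rely on segmentation and filtering
    if model in V4_ONLY:
        threshold = FIX_4X
    elif model in V4_OR_V5:
        # Pick the branch by major version; anything below 5 is treated
        # conservatively as the V4.X branch.
        threshold = FIX_5X if parse_version(firmware)[0] >= 5 else FIX_4X
    else:
        return "not-listed"
    return "affected" if parse_version(firmware) < threshold else "fixed"

def triage(inventory):
    """Map each host name to its status."""
    return {host: assess(model, fw) for host, model, fw in inventory}

# Constructed sample inventory: (host, model, firmware).
INVENTORY = [
    ("sub-a-sw1", "RUGGEDCOM RS416v2", "V5.8.2"),
    ("sub-a-sw2", "RS416v2", "V4.3.10"),
    ("sub-b-ser1", "RS910", "4.3.9"),
    ("sub-b-ser2", "RS920L", "V4.3.10"),
    ("sub-c-dev1", "OTHER-MODEL", "1.0"),
]

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as `affected-no-fix` are the ones for which the segmentation and access-control steps in the list are the only available measures.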
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Poland, Sweden, Norway, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: siemens
- Date Reserved: 2024-06-27T11:41:41.875Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d983ac4522896dcbed200
Added to database: 5/21/2025, 9:09:14 AM
Last enriched: 6/25/2025, 3:48:51 PM
Last updated: 8/13/2025, 11:58:01 AM