SecuriTricks - CVE-2024-30209

Description

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected systems transmit client-side resources without proper cryptographic protection. This could allow an attacker to eavesdrop on and modify resources in transit. A successful exploit requires an attacker to be in the network path between the RTLS Locating Manager server and a client (MitM).

Product(s) Impacted

Product	Versions
SIMATIC RTLS Locating Manager	< V3.0.1.1
SIMATIC RTLS Locating Manager (6GT2780-0DA00)	< V3.0.1.1
SIMATIC RTLS Locating Manager (6GT2780-0DA10)	< V3.0.1.1
SIMATIC RTLS Locating Manager (6GT2780-0DA20)	< V3.0.1.1
SIMATIC RTLS Locating Manager (6GT2780-0DA30)	< V3.0.1.1
SIMATIC RTLS Locating Manager (6GT2780-1EA10)	< V3.0.1.1
SIMATIC RTLS Locating Manager (6GT2780-1EA20)	< V3.0.1.1
SIMATIC RTLS Locating Manager (6GT2780-1EA30)	< V3.0.1.1

Weaknesses

References

https://cert-portal.siemens.com/productcert/html/ssa-093430.html

CVSS Score

9.6 / 10

CVSS Data

Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Privileges Required: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

View Vector String

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Date

Published: May 14, 2024, 4:16 p.m.
Last Modified: May 14, 2024, 7:18 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

productcert@siemens.com

CVE-2024-30209