Products
SIMATIC RTLS Locating Manager (6GT2780-0DA00)
- < V3.0.1.1
SIMATIC RTLS Locating Manager (6GT2780-0DA10)
- < V3.0.1.1
SIMATIC RTLS Locating Manager (6GT2780-0DA20)
- < V3.0.1.1
SIMATIC RTLS Locating Manager (6GT2780-0DA30)
- < V3.0.1.1
SIMATIC RTLS Locating Manager (6GT2780-1EA10)
- < V3.0.1.1
SIMATIC RTLS Locating Manager (6GT2780-1EA20)
- < V3.0.1.1
SIMATIC RTLS Locating Manager (6GT2780-1EA30)
- < V3.0.1.1
SIMATIC RTLS Locating Manager
- All versions < V3.0.1.1
Source
productcert@siemens.com
Tags
CVE-2024-33499 details
Last Modified : May 14, 2024, 7:17 p.m.
Description
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). The affected application assigns incorrect permissions to a user management component. This could allow a privileged attacker to escalate their privileges from the Administrators group to the Systemadministrator group.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9.1 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
9.1
Exploitability Score
Impact Score
Base Severity
CRITICAL
Vector String : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
References
| URL | Source |
|---|---|
| https://cert-portal.siemens.com/productcert/html/ssa-093430.html | productcert@siemens.com |