SecuriTricks - CVE-2024-33499

Description

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). The affected application assigns incorrect permissions to a user management component. This could allow a privileged attacker to escalate their privileges from the Administrators group to the Systemadministrator group.

Product(s) Impacted

Product	Versions
SIMATIC RTLS Locating Manager (6GT2780-0DA00)	['< V3.0.1.1']
SIMATIC RTLS Locating Manager (6GT2780-0DA10)	['< V3.0.1.1']
SIMATIC RTLS Locating Manager (6GT2780-0DA20)	['< V3.0.1.1']
SIMATIC RTLS Locating Manager (6GT2780-0DA30)	['< V3.0.1.1']
SIMATIC RTLS Locating Manager (6GT2780-1EA10)	['< V3.0.1.1']
SIMATIC RTLS Locating Manager (6GT2780-1EA20)	['< V3.0.1.1']
SIMATIC RTLS Locating Manager (6GT2780-1EA30)	['< V3.0.1.1']
SIMATIC RTLS Locating Manager	['All versions < V3.0.1.1']

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://cert-portal.siemens.com/productcert/html/ssa-093430.html

CVSS Score

9.1 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

View Vector String

Timeline

Published: May 14, 2024, 4:17 p.m.
Last Modified: May 14, 2024, 7:17 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

productcert@siemens.com

CVE-2024-33499