Details of VAR-202405-0152

ID

VAR-202405-0152

CVE

CVE-2024-30207

TITLE

Siemens SIMATIC RTLS Locating Manager has an unspecified vulnerability (CNVD-2024-23114)

Trust: 0.6

sources: CNVD: CNVD-2024-23114

DESCRIPTION

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). The affected systems use symmetric cryptography with a hard-coded key to protect the communication between client and server. This could allow an unauthenticated remote attacker to compromise confidentiality and integrity of the communication and, subsequently, availability of the system. A successful exploit requires the attacker to gain knowledge of the hard-coded key and to be able to intercept the communication between client and server on the network. SIMATIC RTLS Locating Manager is used to configure, operate and maintain SIMATIC RTLS devices, which is a real-time wireless location system that provides location solutions

Trust: 1.44

sources: NVD: CVE-2024-30207 // CNVD: CNVD-2024-23114

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-23114

AFFECTED PRODUCTS

vendor:

siemens

model:

simatic rtls locating manager

scope:

version:

v3.0.1.1

Trust: 4.2

sources: CNVD: CNVD-2024-23114

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com:	CVE-2024-30207
value:	CRITICAL
Trust: 1.0
CNVD:	CNVD-2024-23114
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2024-23114
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

productcert@siemens.com:	CVE-2024-30207
baseSeverity:	CRITICAL
baseScore:	10.0
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	6.0
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2024-23114 // NVD: CVE-2024-30207

PROBLEMTYPE DATA

problemtype:

CWE-321

Trust: 1.0

sources: NVD: CVE-2024-30207

PATCH

title:

Patch for Siemens SIMATIC RTLS Locating Manager has an unspecified vulnerability (CNVD-2024-23114)

url:

https://www.cnvd.org.cn/patchInfo/show/546766

Trust: 0.6

sources: CNVD: CNVD-2024-23114

EXTERNAL IDS

db:	SIEMENS	id:	SSA-093430	Trust: 1.6
db:	NVD	id:	CVE-2024-30207	Trust: 1.6
db:	CNVD	id:	CNVD-2024-23114	Trust: 0.6

sources: CNVD: CNVD-2024-23114 // NVD: CVE-2024-30207

REFERENCES

url:

https://cert-portal.siemens.com/productcert/html/ssa-093430.html

Trust: 1.6

sources: CNVD: CNVD-2024-23114 // NVD: CVE-2024-30207

SOURCES

db:	CNVD	id:	CNVD-2024-23114
db:	NVD	id:	CVE-2024-30207

LAST UPDATE DATE

2024-08-14T13:41:07.169000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-23114	date:	2024-05-17T00:00:00
db:	NVD	id:	CVE-2024-30207	date:	2024-06-11T12:15:14.520

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-23114	date:	2024-05-17T00:00:00
db:	NVD	id:	CVE-2024-30207	date:	2024-05-14T16:16:47.020