ID

VAR-202405-0152


CVE

CVE-2024-30207


TITLE

Siemens SIMATIC RTLS Locating Manager has an unspecified vulnerability (CNVD-2024-23114)

Trust: 0.6

sources: CNVD: CNVD-2024-23114

DESCRIPTION

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). The affected systems use symmetric cryptography with a hard-coded key to protect the communication between client and server. This could allow an unauthenticated remote attacker to compromise confidentiality and integrity of the communication and, subsequently, availability of the system. A successful exploit requires the attacker to gain knowledge of the hard-coded key and to be able to intercept the communication between client and server on the network. SIMATIC RTLS Locating Manager is used to configure, operate and maintain SIMATIC RTLS devices; SIMATIC RTLS is a real-time wireless location system that provides location solutions.

Trust: 1.44

sources: NVD: CVE-2024-30207 // CNVD: CNVD-2024-23114

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-23114

AFFECTED PRODUCTS

vendor: siemens
model: simatic rtls locating manager
scope: lt
version: v3.0.1.1

Trust: 4.2

sources: CNVD: CNVD-2024-23114

CVSS

SEVERITY

productcert@siemens.com: CVE-2024-30207
value: CRITICAL

Trust: 1.0

CNVD: CNVD-2024-23114
value: HIGH

Trust: 0.6

CVSSV2

CNVD: CNVD-2024-23114
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

productcert@siemens.com: CVE-2024-30207
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 6.0
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-23114 // NVD: CVE-2024-30207

PROBLEMTYPE DATA

problemtype:CWE-321

Trust: 1.0

sources: NVD: CVE-2024-30207

PATCH

title: Patch for Siemens SIMATIC RTLS Locating Manager has an unspecified vulnerability (CNVD-2024-23114)
url: https://www.cnvd.org.cn/patchInfo/show/546766

Trust: 0.6

sources: CNVD: CNVD-2024-23114

EXTERNAL IDS

db: SIEMENS
id: SSA-093430

Trust: 1.6

db: NVD
id: CVE-2024-30207

Trust: 1.6

db: CNVD
id: CNVD-2024-23114

Trust: 0.6

sources: CNVD: CNVD-2024-23114 // NVD: CVE-2024-30207

REFERENCES

url: https://cert-portal.siemens.com/productcert/html/ssa-093430.html

Trust: 1.6

sources: CNVD: CNVD-2024-23114 // NVD: CVE-2024-30207

SOURCES

db: CNVD, id: CNVD-2024-23114
db: NVD, id: CVE-2024-30207

LAST UPDATE DATE

2024-08-14T13:41:07.169000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-23114, date: 2024-05-17T00:00:00
db: NVD, id: CVE-2024-30207, date: 2024-06-11T12:15:14.520

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-23114, date: 2024-05-17T00:00:00
db: NVD, id: CVE-2024-30207, date: 2024-05-14T16:16:47.020