ID

VAR-202405-0153


CVE

CVE-2024-33497


TITLE

Siemens SIMATIC RTLS Locating Manager Insufficient Protected Credentials Vulnerability (CNVD-2024-24518)

Trust: 0.6

sources: CNVD: CNVD-2024-24518

DESCRIPTION

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected SIMATIC RTLS Locating Manager Track Viewer Client do not properly protect credentials that are used to authenticate to the server. This could allow an authenticated local attacker to extract the credentials and use them to escalate their access rights from the Manager to the Systemadministrator role. SIMATIC RTLS Locating Manager is used to configure, operate, and maintain SIMATIC RTLS devices, which is a real-time wireless location system that provides location solutions

Trust: 1.44

sources: NVD: CVE-2024-33497 // CNVD: CNVD-2024-24518

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-24518

AFFECTED PRODUCTS

vendor:siemensmodel:simatic rtls locating managerscope:ltversion:v3.0.1.1

Trust: 4.2

sources: CNVD: CNVD-2024-24518

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2024-33497
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2024-24518
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-24518
severity: MEDIUM
baseScore: 5.7
vectorString: AV:L/AC:L/AU:S/C:C/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.1
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

productcert@siemens.com: CVE-2024-33497
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.0
impactScore: 3.7
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-24518 // NVD: CVE-2024-33497

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.0

sources: NVD: CVE-2024-33497

PATCH

title:Patch for Siemens SIMATIC RTLS Locating Manager Insufficient Protected Credentials Vulnerability (CNVD-2024-24518)url:https://www.cnvd.org.cn/patchInfo/show/547636

Trust: 0.6

sources: CNVD: CNVD-2024-24518

EXTERNAL IDS

db:SIEMENSid:SSA-093430

Trust: 1.6

db:NVDid:CVE-2024-33497

Trust: 1.6

db:CNVDid:CNVD-2024-24518

Trust: 0.6

sources: CNVD: CNVD-2024-24518 // NVD: CVE-2024-33497

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-093430.html

Trust: 1.6

sources: CNVD: CNVD-2024-24518 // NVD: CVE-2024-33497

SOURCES

db:CNVDid:CNVD-2024-24518
db:NVDid:CVE-2024-33497

LAST UPDATE DATE

2024-08-14T13:41:07.119000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2024-24518date:2024-05-28T00:00:00
db:NVDid:CVE-2024-33497date:2024-06-11T12:15:15.650

SOURCES RELEASE DATE

db:CNVDid:CNVD-2024-24518date:2024-05-30T00:00:00
db:NVDid:CVE-2024-33497date:2024-05-14T16:17:19.373