ID

VAR-202405-0154


CVE

CVE-2024-33494


TITLE

Siemens SIMATIC RTLS Locating Manager Insufficient Data Authenticity Verification Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-23117

DESCRIPTION

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected components do not properly authenticate heartbeat messages. This could allow an unauthenticated remote attacker to affect the availability of secondary RTLS systems configured using a TeeRevProxy service and potentially cause loss of data generated during the time the attack is ongoing. SIMATIC RTLS Locating Manager is used to configure, operate, and maintain SIMATIC RTLS devices; SIMATIC RTLS is a real-time wireless location system that provides location solutions. Siemens SIMATIC RTLS Locating Manager has an insufficient data authenticity verification vulnerability, which is due to the affected component failing to properly verify the heartbeat message.

Trust: 1.44

sources: NVD: CVE-2024-33494 // CNVD: CNVD-2024-23117

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-23117

AFFECTED PRODUCTS

vendor: siemens, model: simatic rtls locating manager, scope: lt, version: v3.0.1.1

Trust: 4.2

sources: CNVD: CNVD-2024-23117

CVSS

SEVERITY

productcert@siemens.com: CVE-2024-33494
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2024-23117
value: MEDIUM

Trust: 0.6

CVSSV2

CNVD: CNVD-2024-23117
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

productcert@siemens.com: CVE-2024-33494
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-23117 // NVD: CVE-2024-33494

PROBLEMTYPE DATA

problemtype: CWE-345

Trust: 1.0

sources: NVD: CVE-2024-33494

PATCH

title: Patch for Siemens SIMATIC RTLS Locating Manager Insufficient Data Authenticity Verification Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/546781

Trust: 0.6

sources: CNVD: CNVD-2024-23117

EXTERNAL IDS

db: SIEMENS, id: SSA-093430

Trust: 1.6

db: NVD, id: CVE-2024-33494

Trust: 1.6

db: CNVD, id: CNVD-2024-23117

Trust: 0.6

sources: CNVD: CNVD-2024-23117 // NVD: CVE-2024-33494

REFERENCES

url: https://cert-portal.siemens.com/productcert/html/ssa-093430.html

Trust: 1.6

sources: CNVD: CNVD-2024-23117 // NVD: CVE-2024-33494

SOURCES

db: CNVD, id: CNVD-2024-23117
db: NVD, id: CVE-2024-33494

LAST UPDATE DATE

2024-08-14T13:41:07.069000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-23117, date: 2024-05-17T00:00:00
db: NVD, id: CVE-2024-33494, date: 2024-06-11T12:15:15.330

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-23117, date: 2024-05-17T00:00:00
db: NVD, id: CVE-2024-33494, date: 2024-05-14T16:17:17.983