ID

VAR-202405-0159


CVE

CVE-2024-33496


TITLE

Siemens SIMATIC RTLS Locating Manager Insufficient Protected Credentials Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-24517

DESCRIPTION

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected SIMATIC RTLS Locating Manager Report Clients do not properly protect credentials that are used to authenticate to the server. This could allow an authenticated local attacker to extract the credentials and use them to escalate their access rights from the Manager to the Systemadministrator role. SIMATIC RTLS Locating Manager is used to configure, operate, and maintain SIMATIC RTLS devices, which form a real-time wireless location system that provides location solutions

Trust: 1.44

sources: NVD: CVE-2024-33496 // CNVD: CNVD-2024-24517

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-24517

AFFECTED PRODUCTS

vendor: siemens
model: simatic rtls locating manager
scope: lt
version: v3.0.1.1

Trust: 4.2

sources: CNVD: CNVD-2024-24517

CVSS

SEVERITY

productcert@siemens.com: CVE-2024-33496
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2024-24517
value: HIGH

Trust: 0.6

CVSSV2

CNVD: CNVD-2024-24517
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

productcert@siemens.com: CVE-2024-33496
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.0
impactScore: 3.7
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-24517 // NVD: CVE-2024-33496

PROBLEMTYPE DATA

problemtype: CWE-522

Trust: 1.0

sources: NVD: CVE-2024-33496

PATCH

title: Patch for Siemens SIMATIC RTLS Locating Manager Insufficient Protected Credentials Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/547631

Trust: 0.6

sources: CNVD: CNVD-2024-24517

EXTERNAL IDS

db: NVD, id: CVE-2024-33496

Trust: 1.6

db: SIEMENS, id: SSA-093430

Trust: 1.6

db: CNVD, id: CNVD-2024-24517

Trust: 0.6

sources: CNVD: CNVD-2024-24517 // NVD: CVE-2024-33496

REFERENCES

url: https://cert-portal.siemens.com/productcert/html/ssa-093430.html

Trust: 1.6

sources: CNVD: CNVD-2024-24517 // NVD: CVE-2024-33496

SOURCES

db: CNVD, id: CNVD-2024-24517
db: NVD, id: CVE-2024-33496

LAST UPDATE DATE

2024-08-14T13:41:07.136000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-24517, date: 2024-05-28T00:00:00
db: NVD, id: CVE-2024-33496, date: 2024-06-11T12:15:15.540

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-24517, date: 2024-05-30T00:00:00
db: NVD, id: CVE-2024-33496, date: 2024-05-14T16:17:18.930