Details of VAR-202405-0160

ID

VAR-202405-0160

CVE

CVE-2024-30208

TITLE

Siemens SIMATIC RTLS Locating Manager Critical Resource Permission Assignment Improper Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-23115

DESCRIPTION

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). The "DBTest" tool of SIMATIC RTLS Locating Manager does not properly enforce access restriction. This could allow an authenticated local attacker to extract sensitive information from memory. SIMATIC RTLS Locating Manager is used to configure, operate and maintain SIMATIC RTLS devices, which is a real-time wireless positioning system that provides positioning solutions. Siemens SIMATIC RTLS Locating Manager has a critical resource permission allocation incorrect vulnerability

Trust: 1.44

sources: NVD: CVE-2024-30208 // CNVD: CNVD-2024-23115

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-23115

AFFECTED PRODUCTS

vendor:

siemens

model:

simatic rtls locating manager

scope:

version:

v3.0.1.1

Trust: 4.2

sources: CNVD: CNVD-2024-23115

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com:	CVE-2024-30208
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2024-23115
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2024-23115
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:L/AC:L/AU:S/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.1
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

productcert@siemens.com:	CVE-2024-30208
baseSeverity:	MEDIUM
baseScore:	6.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.0
impactScore:	3.7
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2024-23115 // NVD: CVE-2024-30208

PROBLEMTYPE DATA

problemtype:

CWE-732

Trust: 1.0

sources: NVD: CVE-2024-30208

PATCH

title:

Patch for Siemens SIMATIC RTLS Locating Manager Critical Resource Permission Assignment Improper Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/546771

Trust: 0.6

sources: CNVD: CNVD-2024-23115

EXTERNAL IDS

db:	NVD	id:	CVE-2024-30208	Trust: 1.6
db:	SIEMENS	id:	SSA-093430	Trust: 1.6
db:	CNVD	id:	CNVD-2024-23115	Trust: 0.6

sources: CNVD: CNVD-2024-23115 // NVD: CVE-2024-30208

REFERENCES

url:

https://cert-portal.siemens.com/productcert/html/ssa-093430.html

Trust: 1.6

sources: CNVD: CNVD-2024-23115 // NVD: CVE-2024-30208

SOURCES

db:	CNVD	id:	CNVD-2024-23115
db:	NVD	id:	CVE-2024-30208

LAST UPDATE DATE

2024-08-14T13:41:07.018000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-23115	date:	2024-05-17T00:00:00
db:	NVD	id:	CVE-2024-30208	date:	2024-06-11T12:15:14.623

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-23115	date:	2024-05-17T00:00:00
db:	NVD	id:	CVE-2024-30208	date:	2024-05-14T16:16:48.243