ID

VAR-202405-0160


CVE

CVE-2024-30208


TITLE

Siemens SIMATIC RTLS Locating Manager Critical Resource Permission Assignment Improper Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-23115

DESCRIPTION

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). The "DBTest" tool of SIMATIC RTLS Locating Manager does not properly enforce access restriction. This could allow an authenticated local attacker to extract sensitive information from memory. SIMATIC RTLS Locating Manager is used to configure, operate and maintain SIMATIC RTLS devices. SIMATIC RTLS is a real-time wireless positioning system that provides positioning solutions. Siemens SIMATIC RTLS Locating Manager has an incorrect permission assignment for critical resource vulnerability.

Trust: 1.44

sources: NVD: CVE-2024-30208 // CNVD: CNVD-2024-23115

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-23115

AFFECTED PRODUCTS

vendor: siemens, model: simatic rtls locating manager, scope: lt, version: v3.0.1.1

Trust: 4.2

sources: CNVD: CNVD-2024-23115

CVSS

SEVERITY

productcert@siemens.com: CVE-2024-30208
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2024-23115
value: MEDIUM

Trust: 0.6

CVSSV2

CNVD: CNVD-2024-23115
severity: MEDIUM
baseScore: 4.3
vectorString: AV:L/AC:L/AU:S/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

productcert@siemens.com: CVE-2024-30208
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.0
impactScore: 3.7
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-23115 // NVD: CVE-2024-30208

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.0

sources: NVD: CVE-2024-30208

PATCH

title: Patch for Siemens SIMATIC RTLS Locating Manager Critical Resource Permission Assignment Improper Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/546771

Trust: 0.6

sources: CNVD: CNVD-2024-23115

EXTERNAL IDS

db: NVD, id: CVE-2024-30208

Trust: 1.6

db: SIEMENS, id: SSA-093430

Trust: 1.6

db: CNVD, id: CNVD-2024-23115

Trust: 0.6

sources: CNVD: CNVD-2024-23115 // NVD: CVE-2024-30208

REFERENCES

url: https://cert-portal.siemens.com/productcert/html/ssa-093430.html

Trust: 1.6

sources: CNVD: CNVD-2024-23115 // NVD: CVE-2024-30208

SOURCES

db: CNVD, id: CNVD-2024-23115
db: NVD, id: CVE-2024-30208

LAST UPDATE DATE

2024-08-14T13:41:07.018000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-23115, date: 2024-05-17T00:00:00
db: NVD, id: CVE-2024-30208, date: 2024-06-11T12:15:14.623

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-23115, date: 2024-05-17T00:00:00
db: NVD, id: CVE-2024-30208, date: 2024-05-14T16:16:48.243