ID

VAR-202405-0161


CVE

CVE-2024-33583


TITLE

Siemens SIMATIC RTLS Locating Manager Hidden Function Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-24521

DESCRIPTION

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected application contains a hidden configuration item to enable debug functionality. This could allow an authenticated local attacker to gain insight into the internal configuration of the deployment. SIMATIC RTLS Locating Manager is used to configure, operate, and maintain SIMATIC RTLS devices, which is a real-time wireless location system that provides location solutions

Trust: 1.44

sources: NVD: CVE-2024-33583 // CNVD: CNVD-2024-24521

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-24521

AFFECTED PRODUCTS

vendor:siemensmodel:simatic rtls locating managerscope:ltversion:v3.0.1.1

Trust: 4.2

sources: CNVD: CNVD-2024-24521

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2024-33583
value: LOW

Trust: 1.0

CNVD: CNVD-2024-24521
value: LOW

Trust: 0.6

CNVD: CNVD-2024-24521
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

productcert@siemens.com: CVE-2024-33583
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-24521 // NVD: CVE-2024-33583

PROBLEMTYPE DATA

problemtype:CWE-912

Trust: 1.0

sources: NVD: CVE-2024-33583

PATCH

title:Patch for Siemens SIMATIC RTLS Locating Manager Hidden Function Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/547651

Trust: 0.6

sources: CNVD: CNVD-2024-24521

EXTERNAL IDS

db:NVDid:CVE-2024-33583

Trust: 1.6

db:SIEMENSid:SSA-093430

Trust: 1.6

db:CNVDid:CNVD-2024-24521

Trust: 0.6

sources: CNVD: CNVD-2024-24521 // NVD: CVE-2024-33583

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-093430.html

Trust: 1.6

sources: CNVD: CNVD-2024-24521 // NVD: CVE-2024-33583

SOURCES

db:CNVDid:CNVD-2024-24521
db:NVDid:CVE-2024-33583

LAST UPDATE DATE

2024-08-14T13:41:07+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2024-24521date:2024-05-28T00:00:00
db:NVDid:CVE-2024-33583date:2024-06-11T12:15:16.220

SOURCES RELEASE DATE

db:CNVDid:CNVD-2024-24521date:2024-05-30T00:00:00
db:NVDid:CVE-2024-33583date:2024-05-14T16:17:21.257