ID

VAR-202405-0162


CVE

CVE-2024-30206


TITLE

Siemens SIMATIC RTLS Locating Manager has an unspecified vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-23113

DESCRIPTION

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1).

Affected SIMATIC RTLS Locating Manager Clients do not properly check the integrity of update files. This could allow an unauthenticated remote attacker to alter update files in transit and trick an authorized user into installing malicious code. A successful exploit requires the attacker to be able to modify the communication between server and client on the network.

SIMATIC RTLS Locating Manager is used to configure, operate and maintain SIMATIC RTLS devices, which is a real-time wireless location system that provides location solutions.

Trust: 1.44

sources: NVD: CVE-2024-30206 // CNVD: CNVD-2024-23113

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-23113

AFFECTED PRODUCTS

vendor: siemens
model: simatic rtls locating manager
scope: lt
version: v3.0.1.1

Trust: 4.2

sources: CNVD: CNVD-2024-23113

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2024-30206
value: HIGH

Trust: 1.0

CNVD: CNVD-2024-23113
value: HIGH

Trust: 0.6

CNVD: CNVD-2024-23113
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

productcert@siemens.com: CVE-2024-30206
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 6.0
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-23113 // NVD: CVE-2024-30206

PROBLEMTYPE DATA

problemtype: CWE-494

Trust: 1.0

sources: NVD: CVE-2024-30206

PATCH

title: Patch for Siemens SIMATIC RTLS Locating Manager has an unspecified vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/546761

Trust: 0.6

sources: CNVD: CNVD-2024-23113

EXTERNAL IDS

db: SIEMENS, id: SSA-093430

Trust: 1.6

db: NVD, id: CVE-2024-30206

Trust: 1.6

db: CNVD, id: CNVD-2024-23113

Trust: 0.6

sources: CNVD: CNVD-2024-23113 // NVD: CVE-2024-30206

REFERENCES

url: https://cert-portal.siemens.com/productcert/html/ssa-093430.html

Trust: 1.6

sources: CNVD: CNVD-2024-23113 // NVD: CVE-2024-30206

SOURCES

db: CNVD, id: CNVD-2024-23113
db: NVD, id: CVE-2024-30206

LAST UPDATE DATE

2024-08-14T13:41:07.034000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-23113, date: 2024-05-17T00:00:00
db: NVD, id: CVE-2024-30206, date: 2024-06-11T12:15:14.390

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-23113, date: 2024-05-17T00:00:00
db: NVD, id: CVE-2024-30206, date: 2024-05-14T16:16:45.767