CVE-2024-33494
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C
Summary
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected components do not properly authenticate heartbeat messages. This could allow an unauthenticated remote attacker to affected the availability of secondary RTLS systems configured using a TeeRevProxy service and potentially cause loss of data generated during the time the attack is ongoing.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Siemens | SIMATIC RTLS Locating Manager | 0 < V3.0.1.1 | affected |
| Siemens | SIMATIC RTLS Locating Manager | 0 < V3.0.1.1 | affected |
| Siemens | SIMATIC RTLS Locating Manager | 0 < V3.0.1.1 | affected |
| Siemens | SIMATIC RTLS Locating Manager | 0 < V3.0.1.1 | affected |
| Siemens | SIMATIC RTLS Locating Manager | 0 < V3.0.1.1 | affected |
| Siemens | SIMATIC RTLS Locating Manager | 0 < V3.0.1.1 | affected |
| Siemens | SIMATIC RTLS Locating Manager | 0 < V3.0.1.1 | affected |
Weaknesses
- CWE-345: CWE-345: Insufficient Verification of Data Authenticity
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.