CVE-2024-33494

Summary

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected components do not properly authenticate heartbeat messages. This could allow an unauthenticated remote attacker to affected the availability of secondary RTLS systems configured using a TeeRevProxy service and potentially cause loss of data generated during the time the attack is ongoing.

Affected Software

VendorProductVersion RangeStatus
SiemensSIMATIC RTLS Locating Manager0 < V3.0.1.1affected
SiemensSIMATIC RTLS Locating Manager0 < V3.0.1.1affected
SiemensSIMATIC RTLS Locating Manager0 < V3.0.1.1affected
SiemensSIMATIC RTLS Locating Manager0 < V3.0.1.1affected
SiemensSIMATIC RTLS Locating Manager0 < V3.0.1.1affected
SiemensSIMATIC RTLS Locating Manager0 < V3.0.1.1affected
SiemensSIMATIC RTLS Locating Manager0 < V3.0.1.1affected

Weaknesses

  • CWE-345: CWE-345: Insufficient Verification of Data Authenticity

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References