CVE-2024-33495

Summary

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). The affected application does not properly limit the size of specific logs. This could allow an unauthenticated remote attacker to exhaust system resources by creating a great number of log entries which could potentially lead to a denial of service condition. A successful exploitation requires the attacker to have access to specific SIMATIC RTLS Locating Manager Clients in the deployment.

Affected Software

VendorProductVersion RangeStatus
SiemensSIMATIC RTLS Locating Manager0 < V3.0.1.1affected
SiemensSIMATIC RTLS Locating Manager0 < V3.0.1.1affected
SiemensSIMATIC RTLS Locating Manager0 < V3.0.1.1affected
SiemensSIMATIC RTLS Locating Manager0 < V3.0.1.1affected
SiemensSIMATIC RTLS Locating Manager0 < V3.0.1.1affected
SiemensSIMATIC RTLS Locating Manager0 < V3.0.1.1affected
SiemensSIMATIC RTLS Locating Manager0 < V3.0.1.1affected

Weaknesses

  • CWE-770: CWE-770: Allocation of Resources Without Limits or Throttling

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References