CVE-2024-33497

Summary

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected SIMATIC RTLS Locating Manager Track Viewer Client do not properly protect credentials that are used to authenticate to the server. This could allow an authenticated local attacker to extract the credentials and use them to escalate their access rights from the Manager to the Systemadministrator role.

Affected Software

VendorProductVersion RangeStatus
SiemensSIMATIC RTLS Locating Manager0 < V3.0.1.1affected
SiemensSIMATIC RTLS Locating Manager0 < V3.0.1.1affected
SiemensSIMATIC RTLS Locating Manager0 < V3.0.1.1affected
SiemensSIMATIC RTLS Locating Manager0 < V3.0.1.1affected
SiemensSIMATIC RTLS Locating Manager0 < V3.0.1.1affected
SiemensSIMATIC RTLS Locating Manager0 < V3.0.1.1affected
SiemensSIMATIC RTLS Locating Manager0 < V3.0.1.1affected

Weaknesses

  • CWE-522: CWE-522: Insufficiently Protected Credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References