CVE-2024-33583

Summary

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected application contains a hidden configuration item to enable debug functionality. This could allow an authenticated local attacker to gain insight into the internal configuration of the deployment.

Affected Software

VendorProductVersion RangeStatus
SiemensSIMATIC RTLS Locating Manager0 < V3.0.1.1affected
SiemensSIMATIC RTLS Locating Manager0 < V3.0.1.1affected
SiemensSIMATIC RTLS Locating Manager0 < V3.0.1.1affected
SiemensSIMATIC RTLS Locating Manager0 < V3.0.1.1affected
SiemensSIMATIC RTLS Locating Manager0 < V3.0.1.1affected
SiemensSIMATIC RTLS Locating Manager0 < V3.0.1.1affected
SiemensSIMATIC RTLS Locating Manager0 < V3.0.1.1affected

Weaknesses

  • CWE-912: CWE-912: Hidden Functionality

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References