CNVD-2024-23117 — Vulnetix

CNVD-2024-23117 PUBLISHED

SIMATIC RTLS Locating Manager用于配置、操作和维护SIMATIC RTLS装置，该装置是一个实时无线定位系统，可提供定位解决方案。 Siemens SIMATIC RTLS Locating Manager存在数据真实性验证不足漏洞，该漏洞是由于受影响的组件无法正确验证检测信号消息。攻击者可利用该漏洞影响使用TeeRevProxy服务配置的辅助RTLS系统的可用性，并可能导致进行期间生成的数据丢失。

Affected Products

Vendor	Product	Versions
	Siemens SIMATIC RTLS Locating Manager (6GT2780-1EA30) < V3.0.1.1
	Siemens SIMATIC RTLS Locating Manager (6GT2780-0DA10) < V3.0.1.1
	Siemens SIMATIC RTLS Locating Manager (6GT2780-0DA30) < V3.0.1.1
	Siemens SIMATIC RTLS Locating Manager (6GT2780-1EA10) < V3.0.1.1
	Siemens SIMATIC RTLS Locating Manager (6GT2780-0DA00) < V3.0.1.1
	Siemens SIMATIC RTLS Locating Manager (6GT2780-0DA20) < V3.0.1.1
	Siemens SIMATIC RTLS Locating Manager (6GT2780-1EA20) < V3.0.1.1

Timeline

May 16, 2024 CVE ID Reserved
May 17, 2024 CVE Published

References

https://cert-portal.siemens.com/productcert/html/ssa-093430.html url

Open in Interactive Console →