CNVD-2024-24517 — Vulnetix

CNVD-2024-24517 PUBLISHED

SIMATIC RTLS Locating Manager用于配置、操作和维护SIMATIC RTLS装置，该装置是一个实时无线定位系统，可提供定位解决方案。 Siemens SIMATIC RTLS Locating Manager存在安全漏洞，该漏洞是由于受影响的SIMATIC RTLS定位管理器报告客户端无法正确保护用于向服务器进行身份验证的凭据。攻击者可利用该漏洞提取凭据，并使用这些凭据将其访问权限从管理器提升到系统管理员角色。

Affected Products

Vendor	Product	Versions
	Siemens SIMATIC RTLS Locating Manager (6GT2780-1EA10) < V3.0.1.1
	Siemens SIMATIC RTLS Locating Manager (6GT2780-0DA00) < V3.0.1.1
	Siemens SIMATIC RTLS Locating Manager (6GT2780-1EA20) < V3.0.1.1
	Siemens SIMATIC RTLS Locating Manager (6GT2780-0DA10) < V3.0.1.1
	Siemens SIMATIC RTLS Locating Manager (6GT2780-0DA20) < V3.0.1.1
	Siemens SIMATIC RTLS Locating Manager (6GT2780-1EA30) < V3.0.1.1
	Siemens SIMATIC RTLS Locating Manager (6GT2780-0DA30) < V3.0.1.1

Timeline

May 16, 2024 CVE ID Reserved
May 30, 2024 CVE Published

References

https://cert-portal.siemens.com/productcert/html/ssa-093430.html url

Open in Interactive Console →