CNVD-2024-24519 — Vulnetix

CNVD-2024-24519 PUBLISHED

SIMATIC RTLS Locating Manager用于配置、操作和维护SIMATIC RTLS装置，该装置是一个实时无线定位系统，可提供定位解决方案。 Siemens SIMATIC RTLS Locating Manager存在资源消耗失控漏洞，该漏洞是由于受影响的应用程序无法正确释放在处理特制传入数据包时分配的内存。攻击者可利用该漏洞在内存不足时崩溃服务，从而造成拒绝服务，服务会在短时间后自动重新启动。

Affected Products

Vendor	Product	Versions
	Siemens SIMATIC RTLS Locating Manager (6GT2780-0DA30) < V3.0.1.1
	Siemens SIMATIC RTLS Locating Manager (6GT2780-0DA00) < V3.0.1.1
	Siemens SIMATIC RTLS Locating Manager (6GT2780-1EA20) < V3.0.1.1
	Siemens SIMATIC RTLS Locating Manager (6GT2780-0DA10) < V3.0.1.1
	Siemens SIMATIC RTLS Locating Manager (6GT2780-1EA30) < V3.0.1.1
	Siemens SIMATIC RTLS Locating Manager (6GT2780-0DA20) < V3.0.1.1
	Siemens SIMATIC RTLS Locating Manager (6GT2780-1EA10) < V3.0.1.1

Timeline

May 16, 2024 CVE ID Reserved
May 30, 2024 CVE Published

References

https://cert-portal.siemens.com/productcert/html/ssa-093430.html url

Open in Interactive Console →