CNVD-2024-24520 — Vulnetix

CNVD-2024-24520 PUBLISHED

SIMATIC RTLS Locating Manager用于配置、操作和维护SIMATIC RTLS装置，该装置是一个实时无线定位系统，可提供定位解决方案。 Siemens SIMATIC RTLS Locating Manager存在关键资源权限分配不正确漏洞，该漏洞是由于受影响的应用程序为用户管理组件分配了不正确的权限。攻击者可利用该漏洞将其权限从Administrators组提升到Systemadministrator组。

Affected Products

Vendor	Product	Versions
	Siemens SIMATIC RTLS Locating Manager (6GT2780-0DA30) < V3.0.1.1
	Siemens SIMATIC RTLS Locating Manager (6GT2780-0DA00) < V3.0.1.1
	Siemens SIMATIC RTLS Locating Manager (6GT2780-1EA20) < V3.0.1.1
	Siemens SIMATIC RTLS Locating Manager (6GT2780-0DA10) < V3.0.1.1
	Siemens SIMATIC RTLS Locating Manager (6GT2780-1EA30) < V3.0.1.1
	Siemens SIMATIC RTLS Locating Manager (6GT2780-0DA20) < V3.0.1.1
	Siemens SIMATIC RTLS Locating Manager (6GT2780-1EA10) < V3.0.1.1

Timeline

May 16, 2024 CVE ID Reserved
May 30, 2024 CVE Published

References

https://cert-portal.siemens.com/productcert/html/ssa-093430.html url

Open in Interactive Console →