CVE-2024-30207
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). The affected systems use symmetric cryptography with a hard-coded key to protect the communication between client and server. This could allow an unauthenticated remote attacker to compromise confidentiality and integrity of the communication and, subsequently, availability of the system. A successful exploit requires the attacker to gain knowledge of the hard-coded key and to be able to intercept the communication between client and server on the network.
EPSS 1.90% · 83.6th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | SIMATIC RTLS Locating Manager | 0, 0, 0 |
| siemens | simatic_rtls_locating_manager | - |
Exploit Intelligence
Timeline
- May 14, 2024 CVE Published
- May 15, 2024 EPSS Score
- Jun 9, 2024 EPSS Score
- Jul 3, 2024 EPSS Score
- Aug 2, 2024 CVE Updated
- Aug 20, 2024 EPSS Score
- Sep 12, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 6, 2024 EPSS Score
- Oct 30, 2024 EPSS Score
- Nov 23, 2024 EPSS Score
- Dec 18, 2024 EPSS Score