VDB

CVE-2024-30209

CVE-2024-30209 · PUBLISHED · CVSS 9.6 · CRITICAL

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected systems transmit client-side resources without proper cryptographic protection. This could allow an attacker to eavesdrop on and modify resources in transit. A successful exploit requires an attacker to be in the network path between the RTLS Locating Manager server and a client (MitM).

EPSS 0.07% · 21.9th percentile

Risk Scores

CVSS v3.1: 9.6
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
EPSS Score: 0.07% (21.9th percentile)

Affected Products

Vendor | Product | Versions
Siemens | SIMATIC RTLS Locating Manager | 0, 0, 0
siemens | simatic_rtls_locating_manager | 0

Timeline

  • May 14, 2024 CVE Published
  • May 15, 2024 EPSS Score
  • Jun 8, 2024 EPSS Score
  • Jul 2, 2024 EPSS Score
  • Jul 26, 2024 EPSS Score
  • Aug 2, 2024 CVE Updated
  • Aug 19, 2024 EPSS Score
  • Sep 11, 2024 EPSS Score
  • Oct 4, 2024 Coalition ESS Score
  • Oct 5, 2024 EPSS Score
  • Oct 29, 2024 EPSS Score
  • Nov 22, 2024 EPSS Score