CVE-2024-33494

Name of the Vulnerable Software and Affected Versions SIMATIC RTLS Locating Manager versions prior to V3.0.1.1

Description A vulnerability has been identified where affected components do not properly authenticate heartbeat messages. This could allow an unauthenticated remote attacker to affect the availability of secondary RTLS systems configured using a TeeRevProxy service and potentially cause loss of data generated during the time the attack is ongoing.

Recommendations For versions prior to V3.0.1.1, update to version V3.0.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the TeeRevProxy service to minimize the risk of exploitation.