PT-2024-3573 · Siemens · Simatic Rtls Locating Manager

Published

2024-05-14

Updated

2024-06-11

CVE-2024-30207

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SIMATIC RTLS Locating Manager versions prior to V3.0.1.1

Description The issue is related to a hard-coded encryption key used in the communication between the client and server. This could allow an unauthenticated remote attacker to compromise the confidentiality and integrity of the communication, and subsequently, the availability of the system. A successful exploit requires the attacker to gain knowledge of the hard-coded key and to be able to intercept the communication between the client and server on the network.

Recommendations For SIMATIC RTLS Locating Manager versions prior to V3.0.1.1, update to version V3.0.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the communication between the client and server to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-321CWE-320

Related Identifiers

BDU:2024-03878

CVE-2024-30207

Affected Products

Simatic Rtls Locating Manager

PT-2024-3573 · Siemens · Simatic Rtls Locating Manager

CVE-2024-30207

Weakness Enumeration

Related Identifiers

Affected Products

References · 8