PT-2024-3683 · Siemens · Simatic Rtls Locating Manager

Published

2024-05-14

Updated

2024-06-11

CVE-2024-30209

CVSS v3.1

9.6

Critical

Vector

AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SIMATIC RTLS Locating Manager versions prior to V3.0.1.1

Description A vulnerability has been identified that allows an attacker to eavesdrop on and modify resources in transit due to the lack of proper cryptographic protection for client-side resources. This could be exploited by an attacker in the network path between the RTLS Locating Manager server and a client, enabling a man-in-the-middle (MitM) attack.

Recommendations For SIMATIC RTLS Locating Manager versions prior to V3.0.1.1, update to version V3.0.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the network path between the RTLS Locating Manager server and clients to minimize the risk of exploitation.

Fix

Cleartext Transmission of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-319

Related Identifiers

BDU:2024-04027

CVE-2024-30209

Affected Products

Simatic Rtls Locating Manager

PT-2024-3683 · Siemens · Simatic Rtls Locating Manager

CVE-2024-30209

Weakness Enumeration

Related Identifiers

Affected Products

References · 3