CVE-2024-30206

Name of the Vulnerable Software and Affected Versions SIMATIC RTLS Locating Manager versions prior to V3.0.1.1

Description The issue is related to the lack of integrity checking for code loading, which could allow a remote attacker to execute arbitrary code by altering update files in transit. This requires the attacker to be able to modify the communication between the server and client on the network.

Recommendations For SIMATIC RTLS Locating Manager versions prior to V3.0.1.1, update to version V3.0.1.1 or later to resolve the issue. As a temporary workaround, consider restricting network access to authorized personnel and implementing additional security measures to prevent modification of the communication between the server and client.