PT-2024-4508 · Siemens · Simatic Rtls Locating Manager

Published

2024-05-14

·

Updated

2024-06-11

·

CVE-2024-33497

CVSS v3.1

6.3

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions SIMATIC RTLS Locating Manager versions prior to V3.0.1.1 SIMATIC RTLS Locating Manager (6GT2780-0DA00) versions prior to V3.0.1.1 SIMATIC RTLS Locating Manager (6GT2780-0DA10) versions prior to V3.0.1.1 SIMATIC RTLS Locating Manager (6GT2780-0DA20) versions prior to V3.0.1.1 SIMATIC RTLS Locating Manager (6GT2780-0DA30) versions prior to V3.0.1.1 SIMATIC RTLS Locating Manager (6GT2780-1EA10) versions prior to V3.0.1.1 SIMATIC RTLS Locating Manager (6GT2780-1EA20) versions prior to V3.0.1.1 SIMATIC RTLS Locating Manager (6GT2780-1EA30) versions prior to V3.0.1.1
Description The issue is related to the insufficient protection of credentials used for authentication to the server in the Track Viewer Client component of the SIMATIC RTLS Locating Manager software. This could allow an authenticated local attacker to extract the credentials and use them to escalate their access rights from the Manager to the Systemadministrator role.
Recommendations For SIMATIC RTLS Locating Manager versions prior to V3.0.1.1, update to version V3.0.1.1 or later to resolve the issue. For SIMATIC RTLS Locating Manager (6GT2780-0DA00) versions prior to V3.0.1.1, update to version V3.0.1.1 or later to resolve the issue. For SIMATIC RTLS Locating Manager (6GT2780-0DA10) versions prior to V3.0.1.1, update to version V3.0.1.1 or later to resolve the issue. For SIMATIC RTLS Locating Manager (6GT2780-0DA20) versions prior to V3.0.1.1, update to version V3.0.1.1 or later to resolve the issue. For SIMATIC RTLS Locating Manager (6GT2780-0DA30) versions prior to V3.0.1.1, update to version V3.0.1.1 or later to resolve the issue. For SIMATIC RTLS Locating Manager (6GT2780-1EA10) versions prior to V3.0.1.1, update to version V3.0.1.1 or later to resolve the issue. For SIMATIC RTLS Locating Manager (6GT2780-1EA20) versions prior to V3.0.1.1, update to version V3.0.1.1 or later to resolve the issue. For SIMATIC RTLS Locating Manager (6GT2780-1EA30) versions prior to V3.0.1.1, update to version V3.0.1.1 or later to resolve the issue.

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

BDU:2024-05012
CVE-2024-33497

Affected Products

Simatic Rtls Locating Manager