CVE-2024-33583

Name of the Vulnerable Software and Affected Versions SIMATIC RTLS Locating Manager versions prior to V3.0.1.1

Description The issue is related to the presence of undocumented configuration commands in the software. Exploitation of this issue could allow an attacker to gain information about the system's configuration. The affected application contains a hidden configuration item that enables debug functionality, which could allow an authenticated local attacker to gain insight into the internal configuration of the deployment.

Recommendations For SIMATIC RTLS Locating Manager versions prior to V3.0.1.1, update to version V3.0.1.1 or later to resolve the issue. As a temporary workaround, consider disabling the debug functionality until a patch is available. Restrict access to the configuration items to minimize the risk of exploitation.