PT-2024-4511 · Siemens · Simatic Rtls Locating Manager

Published

2024-05-14

Updated

2024-06-11

CVE-2024-33496

CVSS v3.1

6.3

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions SIMATIC RTLS Locating Manager versions prior to V3.0.1.1

Description A vulnerability has been identified in SIMATIC RTLS Locating Manager where affected Report Clients do not properly protect credentials used to authenticate to the server. This could allow an authenticated local attacker to extract the credentials and use them to escalate their access rights from the Manager to the Systemadministrator role. The issue is related to insufficient protection of registration data.

Recommendations For SIMATIC RTLS Locating Manager versions prior to V3.0.1.1, update to version V3.0.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Report Clients to minimize the risk of exploitation.

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

BDU:2024-05015

CVE-2024-33496

Affected Products

Simatic Rtls Locating Manager

PT-2024-4511 · Siemens · Simatic Rtls Locating Manager

CVE-2024-33496

Weakness Enumeration

Related Identifiers

Affected Products

References · 3