We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Zendesk (Helpdesk and Chat)
Ok

THREATINT
PUBLISHED

CVE-2024-30207

Reserved:2024-03-25
Published:2024-05-14
Updated:2024-05-15

Description

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). The affected systems use symmetric cryptography with a hard-coded key to protect the communication between client and server. This could allow an unauthenticated remote attacker to compromise confidentiality and integrity of the communication and, subsequently, availability of the system. A successful exploit requires the attacker to gain knowledge of the hard-coded key and to be able to intercept the communication between client and server on the network.



CRITICAL: 10.0CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

Problem types

CWE-321: Use of Hard-coded Cryptographic Key

Product status

Default status
unknown

Any version before V3.0.1.1
affected

Default status
unknown

Any version before V3.0.1.1
affected

Default status
unknown

Any version before V3.0.1.1
affected

Default status
unknown

Any version before V3.0.1.1
affected

Default status
unknown

Any version before V3.0.1.1
affected

Default status
unknown

Any version before V3.0.1.1
affected

Default status
unknown

Any version before V3.0.1.1
affected

References

https://cert-portal.siemens.com/productcert/html/ssa-093430.html

cve.org CVE-2024-30207

nvd.nist.gov CVE-2024-30207

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-30207