CVE-2024-30209 | THREATINT

Description

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected systems transmit client-side resources without proper cryptographic protection. This could allow an attacker to eavesdrop on and modify resources in transit. A successful exploit requires an attacker to be in the network path between the RTLS Locating Manager server and a client (MitM).

Reserved 2024-03-25 | Published 2024-05-14 | Updated 2024-08-02 | Assigner siemens

CRITICAL: 9.6CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

CRITICAL: 9.0CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-319: Cleartext Transmission of Sensitive Information

Product status

Default status

unknown

Any version before V3.0.1.1

affected

Default status

unknown

Any version before V3.0.1.1

affected

Default status

unknown

Any version before V3.0.1.1

affected

Default status

unknown

Any version before V3.0.1.1

affected

Default status

unknown

Any version before V3.0.1.1

affected

Default status

unknown

Any version before V3.0.1.1

affected

Default status

unknown

Any version before V3.0.1.1

affected

References

cert-portal.siemens.com/productcert/html/ssa-093430.html

cve.org (CVE-2024-30209)

nvd.nist.gov (CVE-2024-30209)

Download JSON