Assigner | siemens
Reserved | 2024-04-23
Published | 2024-05-14
Updated | 2024-06-11
Description
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). The affected application assigns incorrect permissions to a user management component. This could allow a privileged attacker to escalate their privileges from the Administrators group to the Systemadministrator group.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Problem types
CWE-732: Incorrect Permission Assignment for Critical Resource
Product status
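SIMATIC RTLS Locating Manager (6GT2780-0DA00) | Any version before V3.0.1.1
SIMATIC RTLS Locating Manager (6GT2780-0DA10) | Any version before V3.0.1.1
SIMATIC RTLS Locating Manager (6GT2780-0DA20) | Any version before V3.0.1.1
SIMATIC RTLS Locating Manager (6GT2780-0DA30) | Any version before V3.0.1.1
SIMATIC RTLS Locating Manager (6GT2780-1EA10) | Any version before V3.0.1.1
SIMATIC RTLS Locating Manager (6GT2780-1EA20) | Any version before V3.0.1.1
SIMATIC RTLS Locating Manager (6GT2780-1EA30) | Any version before V3.0.1.1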
References
https://cert-portal.siemens.com/productcert/html/ssa-093430.html