CVE-2024-30207
CVSS V2 None
CVSS V3 None
Description
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). The affected systems use symmetric cryptography with a hard-coded key to protect the communication between client and server. This could allow an unauthenticated remote attacker to compromise confidentiality and integrity of the communication and, subsequently, availability of the system.
A successful exploit requires the attacker to gain knowledge of the hard-coded key and to be able to intercept the communication between client and server on the network.
Overview
- CVE ID
- CVE-2024-30207
- Assigner
- siemens
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-05-14T10:02:19.474Z
- Last Modified Date
- 2024-06-11T14:20:30.666Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/html/ssa-093430.html |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-30207 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30207 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-26 11:21:51 | Added to TrackCVE |