CVE-2024-33497
CVSS V2 None
CVSS V3 None
Description
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected SIMATIC RTLS Locating Manager Track Viewer Client do not properly protect credentials that are used to authenticate to the server. This could allow an authenticated local attacker to extract the credentials and use them to escalate their access rights from the Manager to the Systemadministrator role.
Overview
- CVE ID
- CVE-2024-33497
- Assigner
- siemens
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-05-14T10:03:01.146Z
- Last Modified Date
- 2024-06-11T14:20:42.140Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/html/ssa-093430.html |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-33497 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33497 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-26 05:19:48 | Added to TrackCVE |