CVE-2024-30206

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected SIMATIC RTLS Locating Manager Clients do not properly check the integrity of update files. This could allow an unauthenticated remote attacker to alter update files in transit and trick an authorized user into installing malicious code. A successful exploit requires the attacker to be able to modify the communication between server and client on the network.
Configurations

No configuration.

History

21 Nov 2024, 09:11

Type Values Removed Values Added
References () https://cert-portal.siemens.com/productcert/html/ssa-093430.html - () https://cert-portal.siemens.com/productcert/html/ssa-093430.html -

11 Jun 2024, 12:15

Type Values Removed Values Added
Summary
  • (es) Se ha identificado una vulnerabilidad en SIMATIC RTLS Locating Manager (6GT2780-0DA00) (todas las versiones &lt; V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (todas las versiones &lt; V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (Todas las versiones &lt; V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (Todas las versiones &lt; V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (Todas las versiones &lt; V3 .0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (todas las versiones &lt; V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (todas las versiones &lt; V3.0.1.1). Los clientes SIMATIC RTLS Locating Manager afectados no comprueban correctamente la integridad de los archivos de actualización. Esto podría permitir que un atacante remoto no autenticado altere los archivos de actualización en tránsito y engañe a un usuario autorizado para que instale código malicioso. Un exploit exitoso requiere que el atacante pueda modificar la comunicación entre el servidor y el cliente en la red.

14 May 2024, 16:16

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-14 16:16

Updated : 2024-11-21 09:11


NVD link : CVE-2024-30206

Mitre link : CVE-2024-30206

CVE.ORG link : CVE-2024-30206


JSON object : View

Products Affected

No product.

CWE
CWE-494

Download of Code Without Integrity Check