CVE-2024-33496

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected SIMATIC RTLS Locating Manager Report Clients do not properly protect credentials that are used to authenticate to the server. This could allow an authenticated local attacker to extract the credentials and use them to escalate their access rights from the Manager to the Systemadministrator role.
Configurations

No configuration.

History

21 Nov 2024, 09:17

Type Values Removed Values Added
References () https://cert-portal.siemens.com/productcert/html/ssa-093430.html - () https://cert-portal.siemens.com/productcert/html/ssa-093430.html -

11 Jun 2024, 12:15

Type Values Removed Values Added
Summary
  • (es) Se ha identificado una vulnerabilidad en SIMATIC RTLS Locating Manager (6GT2780-0DA00) (todas las versiones &lt; V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (todas las versiones &lt; V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (Todas las versiones &lt; V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (Todas las versiones &lt; V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (Todas las versiones &lt; V3 .0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (todas las versiones &lt; V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (todas las versiones &lt; V3.0.1.1). Los clientes de informes SIMATIC RTLS Locating Manager afectados no protegen adecuadamente las credenciales que se utilizan para autenticarse en el servidor. Esto podría permitir que un atacante local autenticado extraiga las credenciales y las utilice para escalar sus derechos de acceso desde el rol de Administrador al de Administrador del sistema.

14 May 2024, 16:17

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-14 16:17

Updated : 2024-11-21 09:17


NVD link : CVE-2024-33496

Mitre link : CVE-2024-33496

CVE.ORG link : CVE-2024-33496


JSON object : View

Products Affected

No product.

CWE
CWE-522

Insufficiently Protected Credentials