CVE-2024-30207

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-30207

10.0 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

A

vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). The affected systems use symmetric cryptography with a hard-coded key to protect the communication between client and server. This could allow an unauthenticated remote attacker to compromise confidentiality and integrity of the communication and, subsequently, availability of the system. A successful exploit requires the attacker to gain knowledge of the hard-coded key and to be able to intercept the communication between client and server on the network.

References
Link Resource
https://cert-portal.siemens.com/productcert/html/ssa-093430.html
https://cert-portal.siemens.com/productcert/html/ssa-093430.html
Configurations

No configuration.

History

21 Nov 2024, 09:11

Type Values Removed Values Added
References () https://cert-portal.siemens.com/productcert/html/ssa-093430.html - () https://cert-portal.siemens.com/productcert/html/ssa-093430.html -

11 Jun 2024, 12:15

Type Values Removed Values Added
Summary
  • (es) Se ha identificado una vulnerabilidad en SIMATIC RTLS Locating Manager (6GT2780-0DA00) (todas las versiones &lt; V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (todas las versiones &lt; V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (Todas las versiones &lt; V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (Todas las versiones &lt; V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (Todas las versiones &lt; V3 .0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (todas las versiones &lt; V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (todas las versiones &lt; V3.0.1.1). Los sistemas afectados utilizan criptografía simétrica con una clave codificada para proteger la comunicación entre el cliente y el servidor. Esto podría permitir que un atacante remoto no autenticado comprometa la confidencialidad y la integridad de la comunicación y, posteriormente, la disponibilidad del sistema. Un exploit exitoso requiere que el atacante conozca la clave codificada y pueda interceptar la comunicación entre el cliente y el servidor en la red.

14 May 2024, 16:16

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-14 16:16

Updated : 2024-11-21 09:11

NVD link : CVE-2024-30207

Mitre link : CVE-2024-30207

CVE.ORG link : CVE-2024-30207

JSON object : View

Products Affected

No product.

CWE
CWE-321

Use of Hard-coded Cryptographic Key