CVE-2024-30208

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-30208

6.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.0 / Impact : 3.7

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope CHANGED

A

vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). The "DBTest" tool of SIMATIC RTLS Locating Manager does not properly enforce access restriction. This could allow an authenticated local attacker to extract sensitive information from memory.

References
Link Resource
https://cert-portal.siemens.com/productcert/html/ssa-093430.html
https://cert-portal.siemens.com/productcert/html/ssa-093430.html
Configurations

No configuration.

History

21 Nov 2024, 09:11

Type Values Removed Values Added
References () https://cert-portal.siemens.com/productcert/html/ssa-093430.html - () https://cert-portal.siemens.com/productcert/html/ssa-093430.html -

11 Jun 2024, 12:15

Type Values Removed Values Added
Summary
  • (es) Se ha identificado una vulnerabilidad en SIMATIC RTLS Locating Manager (6GT2780-0DA00) (todas las versiones &lt; V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (todas las versiones &lt; V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (Todas las versiones &lt; V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (Todas las versiones &lt; V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (Todas las versiones &lt; V3 .0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (todas las versiones &lt; V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (todas las versiones &lt; V3.0.1.1). La herramienta "DBTest" de SIMATIC RTLS Locating Manager no aplica correctamente la restricción de acceso. Esto podría permitir que un atacante local autenticado extraiga información confidencial de la memoria.

14 May 2024, 16:16

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-14 16:16

Updated : 2024-11-21 09:11

NVD link : CVE-2024-30208

Mitre link : CVE-2024-30208

CVE.ORG link : CVE-2024-30208

JSON object : View

Products Affected

No product.

CWE
CWE-732

Incorrect Permission Assignment for Critical Resource