CVE-2024-33497
6.3 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
4.8 Medium
CVSS4
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/SC:L/VI:L/SI:L/VA:L/SA:L
6.5 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected SIMATIC RTLS Locating Manager Track Viewer Client do not properly protect credentials that are used to authenticate to the server. This could allow an authenticated local attacker to extract the credentials and use them to escalate their access rights from the Manager to the Systemadministrator role.
CNA Affected
[
{
"vendor": "Siemens",
"product": "SIMATIC RTLS Locating Manager",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "V3.0.1.1",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"vendor": "Siemens",
"product": "SIMATIC RTLS Locating Manager",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "V3.0.1.1",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"vendor": "Siemens",
"product": "SIMATIC RTLS Locating Manager",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "V3.0.1.1",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"vendor": "Siemens",
"product": "SIMATIC RTLS Locating Manager",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "V3.0.1.1",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"vendor": "Siemens",
"product": "SIMATIC RTLS Locating Manager",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "V3.0.1.1",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"vendor": "Siemens",
"product": "SIMATIC RTLS Locating Manager",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "V3.0.1.1",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"vendor": "Siemens",
"product": "SIMATIC RTLS Locating Manager",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "V3.0.1.1",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]Related
6.3 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
4.8 Medium
CVSS4
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/SC:L/VI:L/SI:L/VA:L/SA:L
6.5 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%