{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-33494", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "state": "PUBLISHED", "assignerShortName": "siemens", "dateReserved": "2024-04-23T11:08:04.354Z", "datePublished": "2024-05-14T10:02:56.636Z", "dateUpdated": "2024-08-02T02:36:02.830Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2024-06-11T14:20:38.261Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected components do not properly authenticate heartbeat messages. This could allow an unauthenticated remote attacker to affected the availability of secondary RTLS systems configured using a TeeRevProxy service and potentially cause loss of data generated during the time the attack is ongoing."}], "affected": [{"vendor": "Siemens", "product": "SIMATIC RTLS Locating Manager", "versions": [{"status": "affected", "version": "0", "lessThan": "V3.0.1.1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC RTLS Locating Manager", "versions": [{"status": "affected", "version": "0", "lessThan": "V3.0.1.1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC RTLS Locating Manager", "versions": [{"status": "affected", "version": "0", "lessThan": "V3.0.1.1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC RTLS Locating Manager", "versions": [{"status": "affected", "version": "0", "lessThan": "V3.0.1.1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC RTLS Locating Manager", "versions": [{"status": "affected", "version": "0", "lessThan": "V3.0.1.1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC RTLS Locating Manager", "versions": [{"status": "affected", "version": "0", "lessThan": "V3.0.1.1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC RTLS Locating Manager", "versions": [{"status": "affected", "version": "0", "lessThan": "V3.0.1.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}, {"cvssV4_0": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N", "baseScore": 6.9, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-345", "description": "CWE-345: Insufficient Verification of Data Authenticity", "type": "CWE"}]}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html"}]}, "adp": [{"affected": [{"vendor": "siemens", "product": "simatic_rtls_locating_manager", "cpes": ["cpe:2.3:a:siemens:simatic_rtls_locating_manager:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.0.1.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-05-14T12:38:06.838394Z", "id": "CVE-2024-33494", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-06T17:42:46.441Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:36:02.830Z"}, "title": "CVE Program Container", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:36:02.830Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-33494", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-14T12:38:06.838394Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:siemens:simatic_rtls_locating_manager:*:*:*:*:*:*:*:*"], "vendor": "siemens", "product": "simatic_rtls_locating_manager", "versions": [{"status": "affected", "version": "0", "lessThan": "3.0.1.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-14T12:37:56.342Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C"}}, {"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"}}], "affected": [{"vendor": "Siemens", "product": "SIMATIC RTLS Locating Manager", "versions": [{"status": "affected", "version": "0", "lessThan": "V3.0.1.1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC RTLS Locating Manager", "versions": [{"status": "affected", "version": "0", "lessThan": "V3.0.1.1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC RTLS Locating Manager", "versions": [{"status": "affected", "version": "0", "lessThan": "V3.0.1.1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC RTLS Locating Manager", "versions": [{"status": "affected", "version": "0", "lessThan": "V3.0.1.1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC RTLS Locating Manager", "versions": [{"status": "affected", "version": "0", "lessThan": "V3.0.1.1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC RTLS Locating Manager", "versions": [{"status": "affected", "version": "0", "lessThan": "V3.0.1.1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC RTLS Locating Manager", "versions": [{"status": "affected", "version": "0", "lessThan": "V3.0.1.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected components do not properly authenticate heartbeat messages. This could allow an unauthenticated remote attacker to affected the availability of secondary RTLS systems configured using a TeeRevProxy service and potentially cause loss of data generated during the time the attack is ongoing."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-345", "description": "CWE-345: Insufficient Verification of Data Authenticity"}]}], "providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2024-06-11T14:20:38.261Z"}}}, "cveMetadata": {"cveId": "CVE-2024-33494", "state": "PUBLISHED", "dateUpdated": "2024-08-02T02:36:02.830Z", "dateReserved": "2024-04-23T11:08:04.354Z", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "datePublished": "2024-05-14T10:02:56.636Z", "assignerShortName": "siemens"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected components do not properly authenticate heartbeat messages. This could allow an unauthenticated remote attacker to affected the availability of secondary RTLS systems configured using a TeeRevProxy service and potentially cause loss of data generated during the time the attack is ongoing."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en SIMATIC RTLS Locating Manager (6GT2780-0DA00) (todas las versiones &lt; V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (todas las versiones &lt; V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (Todas las versiones &lt; V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (Todas las versiones &lt; V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (Todas las versiones &lt; V3 .0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (todas las versiones &lt; V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (todas las versiones &lt; V3.0.1.1). Los componentes afectados no autentican correctamente los mensajes de latido. Esto podr\u00eda permitir que un atacante remoto no autenticado afecte la disponibilidad de sistemas RTLS secundarios configurados utilizando un servicio TeeRevProxy y potencialmente cause la p\u00e9rdida de datos generados durante el tiempo que el ataque est\u00e1 en curso."}], "id": "CVE-2024-33494", "lastModified": "2024-06-11T12:15:15.330", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "productcert@siemens.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "LOW", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "LOW"}, "source": "productcert@siemens.com", "type": "Secondary"}]}, "published": "2024-05-14T16:17:17.983", "references": [{"source": "productcert@siemens.com", "url": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}], "source": "productcert@siemens.com", "type": "Primary"}]}

{}