SIMATIC RTLS Locating Manager <V3.0.1.1: Hard-Coded Symmetric Key
CVE-2024-30207 Published on May 14, 2024
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). The affected systems use symmetric cryptography with a hard-coded key to protect the communication between client and server. This could allow an unauthenticated remote attacker to compromise confidentiality and integrity of the communication and, subsequently, availability of the system. A successful exploit requires the attacker to gain knowledge of the hard-coded key and to be able to intercept the communication between client and server on the network.
Weakness Type
Use of Hard-coded Cryptographic Key
The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.
Products Associated with CVE-2024-30207
Want to know whenever a new CVE is published for Siemens Simatic Rtls Locating Manager? stack.watch will email you.
Affected Versions
Siemens SIMATIC RTLS Locating Manager:- Before V3.0.1.1 is affected.
- Before V3.0.1.1 is affected.
- Before V3.0.1.1 is affected.
- Before V3.0.1.1 is affected.
- Before V3.0.1.1 is affected.
- Before V3.0.1.1 is affected.
- Before V3.0.1.1 is affected.
- Version - is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.