SIMATIC RTLS Locating Manager <3.0.1.1: Heartbeat Auth Bypass
CVE-2024-33494 Published on May 14, 2024
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected components do not properly authenticate heartbeat messages. This could allow an unauthenticated remote attacker to affect the availability of secondary RTLS systems configured using a TeeRevProxy service and potentially cause loss of data generated during the time the attack is ongoing.
Weakness Type
Insufficient Verification of Data Authenticity
The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Products Associated with CVE-2024-33494
Affected Versions
Siemens SIMATIC RTLS Locating Manager:
- Before V3.0.1.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.