CRITICAL🇵🇱 Wersja polska

CVE-2024-30207

CVSS 10.0v4.0pub. 2024-05-14upd. 2026-04-15

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). The affected systems use symmetric cryptography with a hard-coded key to protect the communication between client and server. This could allow an unauthenticated remote attacker to compromise confidentiality and integrity of the communication and, subsequently, availability of the system. A successful exploit requires the attacker to gain knowledge of the hard-coded key and to be able to intercept the communication between client and server on the network.

🤖 AI Analysis
How it works

The SIMATIC RTLS Locating Manager software uses a symmetric cryptographic algorithm with a key hard-coded in the application code. An attacker who obtains this key (for example, through software analysis) and is simultaneously able to intercept network traffic between the client and server can decrypt and modify the transmitted data. As a result, it is possible to compromise the confidentiality and integrity of communication, which may lead to further impact on the availability of the entire system.

Impact

An unauthenticated remote attacker can read and modify communication between the client and server, and may also cause loss of availability of the RTLS locating system.

Mitigation & patch

SIMATIC RTLS Locating Manager should be updated to version V3.0.1.1 or later. Detailed instructions are available in the Siemens security bulletin at: https://cert-portal.siemens.com/productcert/html/ssa-093430.html. Until the update is applied, it is recommended to limit the ability to intercept network traffic between client and server through network segmentation and the use of dedicated industrial networks.

Who is affected

SIMATIC RTLS Locating Manager in all versions below V3.0.1.1 for catalog numbers: 6GT2780-0DA00, 6GT2780-0DA10, 6GT2780-0DA20, 6GT2780-0DA30, 6GT2780-1EA10, 6GT2780-1EA20, 6GT2780-1EA30.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References