PatchSiren cyber security CVE debrief
CVE-2024-30208 Siemens CVE debrief
CVE-2024-30208 is a medium-severity vulnerability in Siemens SIMATIC RTLS Locating Manager affecting seven product variants. The DBTest diagnostic tool fails to properly enforce access restrictions, allowing an authenticated local attacker to extract sensitive information from memory. Published on May 14, 2024, and last modified on June 11, 2024, this vulnerability carries a CVSS 3.1 score of 6.3. The attack vector is local with low complexity, requiring low privileges but no user interaction. The scope is changed, with low impacts to confidentiality, integrity, and availability. Siemens has released version 3.0.1.1 as a vendor fix, available through Siemens Online Software Delivery. CISA and Siemens recommend defense-in-depth measures including host consolidation, Windows Server firewall hardening, and application of corporate security policies until patching is complete. This vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog, and no known ransomware campaign use has been reported.
- Vendor
- Siemens
- Product
- SIMATIC RTLS Locating Manager (6GT2780-0DA00)
- CVSS
- MEDIUM 6.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-05-14
- Original CVE updated
- 2024-06-11
- Advisory published
- 2024-05-14
- Advisory updated
- 2024-06-11
Who should care
Organizations operating Siemens SIMATIC RTLS Locating Manager in manufacturing, logistics, or asset tracking environments. Security teams responsible for OT/ICS infrastructure, Windows Server administrators hosting RTLS components, and compliance officers managing industrial cybersecurity programs should prioritize assessment and patching.
Technical summary
The DBTest diagnostic utility in SIMATIC RTLS Locating Manager versions prior to 3.0.1.1 contains an access control weakness that permits authenticated local users to read sensitive data from process memory. The vulnerability exists because the tool does not adequately restrict access to memory regions containing operational or credential data. Successful exploitation requires valid local credentials but no user interaction, with potential for information disclosure that could facilitate further lateral movement or privilege escalation within the OT environment. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L) reflects local attack surface with changed scope and balanced impacts across CIA triad.
Defensive priority
medium
Recommended defensive actions
- Apply vendor fix: Update SIMATIC RTLS Locating Manager to version 3.0.1.1 or later via Siemens Online Software Delivery (OSD)
- Consolidate RTLS Locating Manager components on a single host computer and restrict physical and logical access to trusted personnel only
- Implement host-based firewall rules on the Windows Server hosting RTLS Locating Manager to block untrusted network access to all listening ports
- Apply Windows Server security hardening in accordance with corporate security policies or current hardening guidelines
- Monitor for unauthorized local access attempts and anomalous process memory access patterns on affected systems
- Review user account permissions to enforce principle of least privilege for RTLS Locating Manager operations
Evidence notes
Vulnerability description and remediation details sourced from CISA CSAF advisory ICSA-24-137-07. CVSS vector and scoring confirmed from source metadata. Vendor fix version 3.0.1.1 specified in remediations section. Product enumeration includes seven specific SIMATIC RTLS Locating Manager variants with part numbers 6GT2780-0DA00 through 6GT2780-1EA30.
Official resources
-
CVE-2024-30208 CVE record
CVE.org
-
CVE-2024-30208 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-05-14