PatchSiren cyber security CVE debrief
CVE-2024-30209 Siemens CVE debrief
A critical vulnerability in Siemens SIMATIC RTLS Locating Manager allows man-in-the-middle attackers to eavesdrop on and modify client-side resources transmitted without proper cryptographic protection. The vulnerability requires network-level access between the RTLS Locating Manager server and clients. Siemens has released version V3.0.1.1 to address this issue.
- Vendor
- Siemens
- Product
- SIMATIC RTLS Locating Manager (6GT2780-0DA00)
- CVSS
- CRITICAL 9.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-05-14
- Original CVE updated
- 2024-06-11
- Advisory published
- 2024-05-14
- Advisory updated
- 2024-06-11
Who should care
Organizations operating Siemens SIMATIC RTLS Locating Manager systems for real-time locating services in industrial environments, including manufacturing, logistics, and critical infrastructure facilities. Security teams responsible for OT/ICS network segmentation and Windows Server hardening should prioritize this update.
Technical summary
The vulnerability exists because affected RTLS Locating Manager systems transmit client-side resources without proper cryptographic protection. An attacker positioned in the network path between the RTLS Locating Manager server and a client can exploit this to eavesdrop on communications and modify resources in transit. The attack requires adjacent network access (AV:A) but no privileges or user interaction, with successful exploitation resulting in complete compromise of confidentiality, integrity, and availability. The CVSS v3.1 vector is CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C.
Defensive priority
critical
Recommended defensive actions
- Update SIMATIC RTLS Locating Manager to V3.0.1.1 or later via Siemens Online Software Delivery (OSD)
- Install RTLS Locating Manager components on a single host computer where possible and restrict physical access to trusted personnel only
- Secure the Windows Server hosting RTLS Locating Manager with host-based firewall rules blocking untrusted network access to all ports
- Apply Windows Server security hardening in accordance with corporate security policies or current hardening guidelines
- Segment RTLS Locating Manager network traffic to prevent unauthorized network path access between server and clients
Evidence notes
CVE published 2024-05-14; CISA advisory ICSA-24-137-07 issued same date. Advisory modified 2024-06-11 to add specific mitigation for related CVE-2024-30207. CVSS 9.6 (CRITICAL) based on adjacent network attack vector with low complexity, no privileges required, and high impact to confidentiality, integrity, and availability. Seven product variants affected across Siemens SIMATIC RTLS Locating Manager product line.
Official resources
-
CVE-2024-30209 CVE record
CVE.org
-
CVE-2024-30209 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-05-14