PatchSiren cyber security CVE debrief
CVE-2024-33494 Siemens CVE debrief
CVE-2024-33494 is a medium-severity authentication bypass vulnerability in Siemens SIMATIC RTLS Locating Manager affecting seven product variants. Published on May 14, 2024, and last modified on June 11, 2024, this flaw stems from improper authentication of heartbeat messages in components using the TeeRevProxy service. An unauthenticated remote attacker can exploit this weakness to impact availability of secondary RTLS systems and potentially cause data loss during an ongoing attack. The vulnerability carries a CVSS 3.1 score of 6.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L), indicating network-based exploitation with low complexity, no privileges required, and impacts to integrity and availability but not confidentiality. Siemens has released version 3.0.1.1 as a vendor fix, available through Siemens Online Software Delivery. CISA and Siemens recommend defense-in-depth measures including host consolidation, Windows Server firewall hardening, and application of corporate security policies until patching is complete. No known exploitation in ransomware campaigns has been reported, and this vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
- Vendor: Siemens
- Product: SIMATIC RTLS Locating Manager (6GT2780-0DA00)
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-05-14
- Original CVE updated: 2024-06-11
- Advisory published: 2024-05-14
- Advisory updated: 2024-06-11
Who should care
Organizations operating Siemens SIMATIC RTLS Locating Manager deployments in manufacturing, logistics, healthcare, or other industrial environments relying on real-time asset tracking. Security teams responsible for OT/ICS network segmentation and Windows Server hardening in industrial environments. Asset owners with distributed RTLS architectures using TeeRevProxy services for secondary system communication.
Technical summary
The vulnerability exists in the TeeRevProxy service component where heartbeat messages are not properly authenticated. This architectural weakness allows unauthenticated remote attackers to send crafted messages that affect availability of secondary RTLS (Real-Time Locating System) systems. The attack vector is network-based with low complexity, requiring no user interaction or privileges. Successful exploitation can cause loss of RTLS data generated during the attack window. The fix in version 3.0.1.1 implements proper authentication for heartbeat communications.
Defensive priority
medium
Recommended defensive actions
- Apply vendor fix: Update SIMATIC RTLS Locating Manager to version 3.0.1.1 or later via Siemens Online Software Delivery (OSD)
- Consolidate RTLS Locating Manager components on a single host computer where possible and restrict physical and logical access to trusted personnel only
- Implement host-based firewall rules on the Windows Server hosting RTLS Locating Manager to block untrusted network access to all service ports
- Apply Windows Server security hardening in accordance with corporate security policies or current hardening guidelines
- Monitor for anomalous network traffic targeting TeeRevProxy service endpoints
- Review backup and recovery procedures for RTLS data to minimize potential data loss during security incidents
Evidence notes
Vulnerability description and affected products confirmed through CISA CSAF advisory ICSA-24-137-07 and Siemens security advisory SSA-093430. CVSS vector and remediation details sourced from official CSAF document. Vendor fix version 3.0.1.1 explicitly stated in remediations section.
Official resources
- CVE-2024-33494 CVE record (CVE.org)
- CVE-2024-33494 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2024-05-14