PatchSiren cyber security CVE debrief
CVE-2024-33496 Siemens CVE debrief
CVE-2024-33496 is a medium-severity vulnerability in Siemens SIMATIC RTLS Locating Manager affecting Report Clients. Published on 2024-05-14 and last modified on 2024-06-11, this issue involves improper credential protection that allows an authenticated local attacker to extract credentials and escalate privileges from Manager to Systemadministrator role. The vulnerability affects seven product variants of the SIMATIC RTLS Locating Manager (6GT2780 series). Siemens has released version V3.0.1.1 as a vendor fix, available through Siemens Online Software Delivery (OSD). CISA and Siemens recommend defense-in-depth mitigations including host consolidation, firewall protection, Windows Server hardening, and restricting system access to trusted personnel. This vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
- Vendor
- Siemens
- Product
- SIMATIC RTLS Locating Manager (6GT2780-0DA00)
- CVSS
- MEDIUM 6.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-05-14
- Original CVE updated
- 2024-06-11
- Advisory published
- 2024-05-14
- Advisory updated
- 2024-06-11
Who should care
Organizations deploying Siemens SIMATIC RTLS Locating Manager for real-time locating systems in industrial environments, particularly those with multi-user administrative access or distributed Report Client installations. Security teams managing Windows Server infrastructure hosting ICS applications should prioritize this update.
Technical summary
The SIMATIC RTLS Locating Manager Report Clients fail to properly protect authentication credentials used for server communication. An attacker with local access and Manager-level privileges can extract these credentials from the client, then reuse them to authenticate as a Systemadministrator. This represents a horizontal-to-vertical privilege escalation path within the RTLS management plane. The attack requires local access (AV:L) and existing low-privileged authentication (PR:L), with no user interaction needed. The vulnerability affects all seven 6GT2780-series product variants. Siemens addressed this in V3.0.1.1 by implementing proper credential protection mechanisms.
Defensive priority
medium
Recommended defensive actions
- Update SIMATIC RTLS Locating Manager to version V3.0.1.1 or later via Siemens Online Software Delivery (OSD)
- Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system
- Secure the Windows Server hosting RTLS Locating Manager with a firewall and ensure no ports are accessible from untrusted networks
- Apply security hardening of the Windows Server per corporate security policies or current hardening guidelines
- Review and restrict local access to Report Client systems to prevent credential extraction attempts
Evidence notes
Vulnerability description and remediation details sourced from CISA CSAF advisory ICSA-24-137-07. Vendor fix version V3.0.1.1 confirmed in remediation section. CVSS 6.3 (MEDIUM) per source. Seven affected product variants identified in CSAF product tree.
Official resources
-
CVE-2024-33496 CVE record
CVE.org
-
CVE-2024-33496 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-05-14