ICSA-24-137-07 · Published 2024-06-11
Siemens SIMATIC RTLS Locating Manager
CVSS 10.0
CRITICAL
CVEs (21)
CVE-2023-4807
CVE-2023-5363
CVE-2023-5678
CVE-2023-29409
CVE-2023-33953
CVE-2023-38039
CVE-2023-38545
CVE-2023-38546
CVE-2023-46218
CVE-2023-46219
CVE-2024-30206
CVE-2024-30207
CVE-2024-30208
CVE-2024-30209
CVE-2024-33494
CVE-2024-33495
CVE-2024-33496
CVE-2024-33497
CVE-2024-33498
CVE-2024-33499
CVE-2024-33583
Remediations
- Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system
- Secure the Windows Server on which the RTLS Locating Manager is installed with a firewall, and make sure no ports are accessible from untrusted networks
- Apply security hardening to the Windows Server on which the RTLS Locating Manager is installed, in accordance with your corporate security policies or up-to-date hardening guidelines
- Update to V3.0.1.1 or a later version. The update is available from Siemens Online Software Delivery (OSD).
- Protect all communication between RTLS Clients and the Server using a secure channel, e.g. an appropriate VPN solution. Ensure that the configured Server ports are exclusively reachable via the VPN as described in the installation manual
Affected Vendors
Siemens
Affected Products (7)
- Siemens · SIMATIC RTLS Locating Manager (6GT2780-0DA00): <V3.0.1.1
- Siemens · SIMATIC RTLS Locating Manager (6GT2780-0DA10): <V3.0.1.1
- Siemens · SIMATIC RTLS Locating Manager (6GT2780-0DA20): <V3.0.1.1
- Siemens · SIMATIC RTLS Locating Manager (6GT2780-0DA30): <V3.0.1.1
- Siemens · SIMATIC RTLS Locating Manager (6GT2780-1EA10): <V3.0.1.1
- Siemens · SIMATIC RTLS Locating Manager (6GT2780-1EA20): <V3.0.1.1
- Siemens · SIMATIC RTLS Locating Manager (6GT2780-1EA30): <V3.0.1.1
Affected Sectors
Multiple