How severe is CVE-2024-33499?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2024-33499?

This is classified as CWE-732, which is a common weakness in software security.

CVE-2024-33499 - CRITICAL Severity | CVSS 9.1

Vulnerability Description

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). The affected application assigns incorrect permissions to a user management component. This could allow a privileged attacker to escalate their privileges from the Administrators group to the Systemadministrator group.

Related Vulnerabilities

CVE-2016-5202

CRITICAL

CVSS:9.1(Critical)

browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an era...

CWE-7322016

CVE-2017-7337

CRITICAL

CVSS:9.1(Critical)

An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen sess...

CWE-7322017

CVE-2018-1000132

CRITICAL

CVSS:9.1(Critical)

Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via n...

CWE-7322018

CVE-2018-1002150

CRITICAL

CVSS:9.1(Critical)

Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13...

CWE-7322018

CVE-2018-14916

CRITICAL

CVSS:9.1(Critical)

LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion.

CWE-7322018

CVE-2018-21081

CRITICAL

CVSS:9.1(Critical)

An issue was discovered on Samsung mobile devices with N(7.x) software. In Dual Messenger, the second app can use the runtime permissions of the first app without a user's consent. The Samsung ID is S...

CWE-7322018