Siemens SIMATIC RTLS Locating Manager Credential Protection Vulnerability Allowing Access Escalation

Vulnerability

A vulnerability exists in Siemens SIMATIC RTLS Locating Manager Report Clients, all versions prior to 3.3. These clients fail to adequately protect credentials used for server authentication, potentially allowing an authenticated local attacker to intercept these credentials and escalate access rights from the Manager role to the Systemadministrator role.

Impact

Exploitation of this vulnerability could lead to unauthorized access escalation, allowing a user to gain Systemadministrator privileges.

Remediation

Users are advised to update to version 3.3 or later. Additional guidance can be found on the Siemens support portal.

Added: Aug 12, 2025, 12:36 PM
Updated: Aug 12, 2025, 2:54 PM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 5.0
exploitability: 3.5
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.