Simatic Rtls Locating Manager
CVE-2020-10049
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). The start-stop scripts for the services of the affected application could allow a local attacker to include arbitrary commands that are executed when services are started or stopped interactively by system administrators.
AnalysisAI
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Incorrect Default Permissions (CWE-276), which allows attackers to access resources due to overly permissive default settings. A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). The start-stop scripts for the services of the affected application could allow a local attacker to include arbitrary commands that are executed when services are started or stopped interactively by system administrators. Affected products include: Siemens Simatic Rtls Locating Manager.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Set restrictive default permissions, follow principle of least privilege, review defaults during deployment.
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). Rated high severity (CVSS
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). Rated high severity (CVSS
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3). Rated medium severity (CVSS
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.2). Rated critical severity (CVS
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3). Rated medium severity (CVSS
Same weakness CWE-276 – Incorrect Default Permissions
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today