Simatic Rtls Locating Manager
CVE-2025-40751
MEDIUM
Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3). Affected SIMATIC RTLS Locating Manager Report Clients do not properly protect credentials that are used to authenticate to the server. This could allow an authenticated local attacker to extract the credentials and use them to escalate their access rights from the Manager to the Systemadministrator role.
AnalysisAI
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3). Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Insufficiently Protected Credentials (CWE-522), which allows attackers to obtain user credentials due to weak protection mechanisms. A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3). Affected SIMATIC RTLS Locating Manager Report Clients do not properly protect credentials that are used to authenticate to the server. This could allow an authenticated local attacker to extract the credentials and use them to escalate their access rights from the Manager to the Systemadministrator role. Affected products include: Siemens Simatic Rtls Locating Manager.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Hash passwords with strong algorithms (bcrypt, argon2), encrypt credentials in transit and at rest, never log credentials.
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). Rated high severity (CVSS
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). Rated high severity (CVSS
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). Rated high severity (CVSS
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.2). Rated critical severity (CVS
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3). Rated medium severity (CVSS
Same weakness CWE-522 – Insufficiently Protected Credentials
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today