CVE-2025-40746

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.2). Affected products do not properly validate input for a backup script. This could allow an authenticated remote attacker with high privileges in the application to execute arbitrary code with 'NT Authority/SYSTEM' privileges.
References
Configurations

Configuration 1

cpe:2.3:a:siemens:simatic_rtls_locating_manager:*:*:*:*:*:*:*:*

History

20 Aug 2025, 20:58

Type Values Removed Values Added
Summary
  • (es) A vulnerability has been identified in SIMATIC RTLS Locating Manager (all versions prior to V3.2). The affected products do not properly validate the input to a backup script. This could allow an authenticated remote attacker with high privileges in the application to execute arbitrary code with "NT Authority/SYSTEM" privileges.
CPE cpe:2.3:a:siemens:simatic_rtls_locating_manager:*:*:*:*:*:*:*:*
References () https://cert-portal.siemens.com/productcert/html/ssa-493787.html - () https://cert-portal.siemens.com/productcert/html/ssa-493787.html - Vendor Advisory
CWE NVD-CWE-noinfo
First Time Siemens
Siemens simatic Rtls Locating Manager

12 Aug 2025, 12:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-08-12 12:15

Updated : 2025-08-20 20:58


NVD link : CVE-2025-40746

Mitre link : CVE-2025-40746

CVE.ORG link : CVE-2025-40746


Products Affected

siemens

  • simatic_rtls_locating_manager
CWE
CWE-20

Improper Input Validation

NVD-CWE-noinfo