CVE-2020-10052 — Log File Information Exposure in Siemens Simatic Rtls Locating Manager

CWE-532 — Log File Information Exposure3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 83.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic Rtls Locating Manager

Timeline

PublishedNov 9

Latest updateMay 24

Description

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application writes sensitive data, such as usernames and passwords in log files. A local attacker with access to the log files could use this information to launch further attacks.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDsiemens/simatic_rtls_locating_manager< 2.12

▶CVEListV5siemens/simatic_rtls_locating_managerAll versions < V2.12

🔴Vulnerability Details

GHSA

GHSA-hjrc-f5q3-9mgw: A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2↗2022-05-24

▶

CVEList

CVE-2020-10052: A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2↗2021-11-09

▶