CVE-2020-10053 — Cleartext Storage of Sensitive Info in Siemens Simatic Rtls Locating Manager

CWE-312 — Cleartext Storage of Sensitive Info3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 93.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic Rtls Locating Manager

Timeline

PublishedNov 9

Latest updateMay 24

Description

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application writes sensitive data, such as database credentials in configuration files. A local attacker with access to the configuration files could use this information to launch further attacks.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDsiemens/simatic_rtls_locating_manager< 2.12

▶CVEListV5siemens/simatic_rtls_locating_managerAll versions < V2.12

🔴Vulnerability Details

GHSA

GHSA-xcm6-w86x-xg6r: A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2↗2022-05-24

▶

CVEList

CVE-2020-10053: A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2↗2021-11-09

▶