CVE-2020-10054 — Improper Input Validation in Siemens Simatic Rtls Locating Manager

CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 86.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic Rtls Locating Manager

Timeline

PublishedNov 9

Latest updateMay 24

Description

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application does not properly handle the import of large configuration files. A local attacker could import a specially crafted file which could lead to a denial-of-service condition of the application service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDsiemens/simatic_rtls_locating_manager< 2.12

▶CVEListV5siemens/simatic_rtls_locating_managerAll versions < V2.12

🔴Vulnerability Details

GHSA

GHSA-hpgq-2j8w-r744: A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2↗2022-05-24

▶

CVEList

CVE-2020-10054: A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2↗2021-11-09

▶