CVE-2025-40746
published 2025-08-12CVE-2025-40746: A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.2). Affected products do not properly validate input for a backup…
critical9.4CVSS 4.0
AVNACLATNPRHUINVCHVIHVAHSCHSIHSAHEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.2). Affected products do not properly validate input for a backup script. This could allow an authenticated remote attacker with high privileges in the application to execute arbitrary code with 'NT Authority/SYSTEM' privileges.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | simatic_rtls_locating_manager | < V3.2 | V3.2 |
| siemens | simatic_rtls_locating_manager | < 3.2 | 3.2 |