CVE-2025-40746 — Improper Input Validation in Siemens Simatic Rtls Locating Manager

CWE-20 — Improper Input Validation3 documents3 sources

Severity

9.4CRITICALNVD

EPSS

0.5%

top 33.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic Rtls Locating Manager

Timeline

PublishedAug 12

Description

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.2). Affected products do not properly validate input for a backup script. This could allow an authenticated remote attacker with high privileges in the application to execute arbitrary code with 'NT Authority/SYSTEM' privileges.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected Packages2 packages

▶CVEListV5siemens/simatic_rtls_locating_manager< V3.2

▶NVDsiemens/simatic_rtls_locating_manager< 3.2

🔴Vulnerability Details

CVEList

CVE-2025-40746: A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3↗2025-08-12

▶

GHSA

GHSA-5942-2jh9-wwqf: A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3↗2025-08-12

▶