CVE-2025-40751 — Insufficiently Protected Credentials in Siemens Simatic Rtls Locating Manager

CWE-522 — Insufficiently Protected Credentials3 documents3 sources

Severity

4.8MEDIUMNVD

EPSS

0.0%

top 95.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic Rtls Locating Manager

Timeline

PublishedAug 12

Description

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3). Affected SIMATIC RTLS Locating Manager Report Clients do not properly protect credentials that are used to authenticate to the server. This could allow an authenticated local attacker to extract the credentials and use them to escalate their access rights from the Manager to the Systemadministrator role.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

Affected Packages2 packages

▶CVEListV5siemens/simatic_rtls_locating_manager< V3.3

▶NVDsiemens/simatic_rtls_locating_manager< 3.3

🔴Vulnerability Details

CVEList

CVE-2025-40751: A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3↗2025-08-12

▶

GHSA

GHSA-2pm6-hr95-ggxq: A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3↗2025-08-12

▶