Siemens SIMATIC RTLS Locating Manager

Plan Patch8.4ICS-CERT ICSA-20-252-01Sep 8, 2020

Attack VectorLocal

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

SIMATIC RTLS Locating Manager versions prior to 2.10.2 contain improper access control and insecure file/directory handling vulnerabilities (CWE-276, CWE-428). An authenticated local user can exploit these to read or modify system files and gain elevated privileges on the Windows Server hosting the application, potentially compromising the integrity of the real-time locating system and the security of the server itself.

What this means

What could happen

A user with local access to the Windows Server running SIMATIC RTLS Locating Manager could gain elevated privileges and modify system configurations or access sensitive data. This could allow disruption of real-time location tracking for mobile equipment and personnel in industrial facilities.

Who's at risk

This affects any organization using Siemens SIMATIC RTLS (Real-Time Locating System) Locating Manager for asset and personnel tracking in manufacturing, logistics, warehousing, and large industrial facilities. Primary concern is for facilities where the manager runs on a shared or multi-user Windows Server.

How it could be exploited

An attacker with local login credentials to the Windows Server hosting RTLS Locating Manager could exploit improper file or folder permissions (CWE-276) and insecure directory traversal (CWE-428) to write files with elevated privileges, escalate their account access, or read restricted configuration files containing network or authentication details.

Prerequisites

Local login credentials to the Windows Server
Physical or remote access to the server's operating system (not the application itself)
Low-privilege user account or service account access

Low attack complexityRequires local access (not remotely exploitable)Affects system confidentiality and integrityImproper file permissions (CWE-276)Insecure control flow (CWE-428)

Exploitability

Low exploit probability (EPSS 0.0%)

Affected products (1)

ProductAffected VersionsFix Status

SIMATIC RTLS Locating Manager: All<V2.10.22.10.2

Remediation & Mitigation

0/4

Do now

0/1

HARDENINGRestrict local access to the RTLS Locating Manager server to trusted personnel only; avoid creating unnecessary local user accounts

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate SIMATIC RTLS Locating Manager to version 2.10.2 or later

Long-term hardening

0/2

HARDENINGApply Windows Server hardening in accordance with your corporate security policies and current hardening guidelines

HARDENINGImplement network access controls to limit connectivity to the RTLS Locating Manager server

CVEs (3)

CVE-2020-10049 CVE-2020-10050 CVE-2020-10051

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/5f19eec1-3934-439d-b748-38bcb8ebc5e7