Siemens Location Intelligence
Act Now · CVSS 9.8 · ICS-CERT ICSA-24-046-05 · Feb 13, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Location Intelligence before version 4.3 contains hardcoded credentials that allow an attacker to obtain full administrative access to the application without authentication. The vulnerability affects all Perpetual and SUS license variants (Large, Medium, Non-Prod, Small). Siemens has released version 4.3 with a fix available through the Siemens Online Software Delivery system.
What this means
What could happen
An attacker who obtains hardcoded credentials could gain full administrative access to Location Intelligence, potentially allowing them to modify geolocation data, reports, or system configurations that may affect situational awareness for utility operations or emergency response.
Who's at risk
Municipal utilities and organizations operating Siemens Location Intelligence for asset tracking, geolocation reporting, or situational awareness should review their deployments. This includes system administrators managing the application for water, electric, gas, or other critical infrastructure operations that rely on location data.
How it could be exploited
An attacker with network access to Location Intelligence (versions before 4.3) can use the hardcoded credentials to authenticate as an administrator. No special complexity or user interaction is required—the credentials are embedded in the application and can be extracted or used directly.
Prerequisites
- Network access to Location Intelligence application interface
- Location Intelligence version prior to 4.3
- Knowledge of hardcoded credentials (embedded in application)
Remotely exploitable · No authentication required (hardcoded credentials) · Low complexity · High CVSS score (9.8)
Exploitability
Moderate exploit probability (EPSS 1.9%)
Affected products (8)
8 with fix
Product                                     Affected Versions   Fix Status
Location Intelligence Perpetual Large       < V4.3              4.3
Location Intelligence Perpetual Medium      < V4.3              4.3
Location Intelligence Perpetual Non-Prod    < V4.3              4.3
Location Intelligence Perpetual Small       < V4.3              4.3
Location Intelligence SUS Large             < V4.3              4.3
Location Intelligence SUS Medium            < V4.3              4.3
Location Intelligence SUS Non-Prod          < V4.3              4.3
Location Intelligence SUS Small             < V4.3              4.3
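The table above reduces to one rule: any of the eight Perpetual/SUS variants running a version lower than V4.3 needs the update. The following script, an added example rather than Siemens code, applies that rule to an asset inventory. The inventory rows, hostnames and the `Asset`/`triage` helpers are constructed for illustration; the product list and the fixed version are the advisory's. It compares versions numerically so that a future "V4.10" is not mistaken for a vulnerable release by string comparison.

```python
"""Flag Siemens Location Intelligence installs that still need the 4.3 update.

Added example, not Siemens code. The inventory rows below are constructed;
the affected-product list and the fixed version come from the advisory:
every Perpetual and SUS variant (Large, Medium, Non-Prod, Small) below V4.3.
"""
from dataclasses import dataclass

AFFECTED_PRODUCTS = frozenset(
    f"Location Intelligence {licence} {size}"
    for licence in ("Perpetual", "SUS")
    for size in ("Large", "Medium", "Non-Prod", "Small")
)
FIXED_VERSION = (4, 3)


def parse_version(text: str) -> tuple[int, ...]:
    """Turn 'V4.2.1' or '4.10' into an integer tuple for numeric comparison.

    A plain string comparison would rank '4.10' below '4.3' and so mark a
    patched system as vulnerable; integer tuples give the intended order.
    """
    cleaned = text.strip().lstrip("vV")
    if not cleaned:
        raise ValueError(f"empty version string: {text!r}")
    return tuple(int(part) for part in cleaned.split("."))


def is_affected(product: str, version: str) -> bool:
    """True when the product is one of the listed variants and runs below V4.3."""
    if product not in AFFECTED_PRODUCTS:
        return False
    return parse_version(version) < FIXED_VERSION


@dataclass(frozen=True)
class Asset:
    host: str
    product: str
    version: str


def triage(assets: list[Asset]) -> list[Asset]:
    """Return the assets that must be updated to 4.3 or later."""
    return [a for a in assets if is_affected(a.product, a.version)]


# Constructed inventory (hostnames and versions are illustrative assumptions).
INVENTORY = [
    Asset("li-prod-01", "Location Intelligence Perpetual Large", "V4.2"),
    Asset("li-prod-02", "Location Intelligence SUS Medium", "V4.3"),
    Asset("li-test-01", "Location Intelligence SUS Non-Prod", "4.1.5"),
    Asset("li-lab-01", "Location Intelligence Perpetual Small", "V4.10"),
    Asset("gis-01", "Some Other GIS Product", "2.0"),
]

if __name__ == "__main__":
    for asset in triage(INVENTORY):
        print(f"{asset.host}: {asset.product} {asset.version} -> update to 4.3 or later")
```

Run it against a CMDB export in place of `INVENTORY`; only the two hosts below V4.3 are reported, while the V4.3 and V4.10 installs and the unrelated product are left alone.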
Remediation & Mitigation
Do now
HARDENING: Restrict network access to Location Intelligence using firewalls; ensure the application is not reachable from the internet or untrusted networks.
Schedule — requires maintenance window
Patching may require a reboot; plan for process interruption.
HOTFIX: Update Location Intelligence Perpetual and SUS (all variants: Large, Medium, Non-Prod, Small) to version 4.3 or later from Siemens Online Software Delivery (OSD).
Long-term hardening
HARDENING: Isolate the Location Intelligence system from business networks using air gaps, VLANs, or network segmentation.
HARDENING: If remote access to Location Intelligence is required, enforce access through a Virtual Private Network (VPN) with current security patches and strong authentication.
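The "Do now" and "Long-term hardening" items amount to one verifiable condition: only approved management networks may reach the application interface, and no accept rule may cover the internet or the whole business network. The script below is an added example, not Siemens code; the rule model (source CIDR, destination port, action), the application port 443 and the management networks are assumptions for illustration, to be replaced by the real firewall export. A source range counts as trusted only if it lies entirely inside a management network, so a broad range that merely contains the management subnet is still reported.

```python
"""Audit the firewall allow-list in front of a Location Intelligence interface.

Added example, not Siemens code. The rule model (source CIDR, destination
port, action), the application port 443 and the management networks are
assumptions for illustration; load the real firewall export in their place.
The check answers the 'Do now' item: only approved management networks may
reach the application, and nothing may be accepted from 0.0.0.0/0 or ::/0.
"""
import ipaddress
from typing import TypedDict

# Networks from which administrators are allowed to reach the application
# (assumed values).
TRUSTED_MANAGEMENT_NETS = [
    ipaddress.ip_network("10.20.0.0/24"),
    ipaddress.ip_network("10.20.1.0/24"),
]
APP_PORT = 443  # assumed listener port of the web interface


class Rule(TypedDict):
    src: str
    dport: int
    action: str  # "accept" or "drop"


def is_trusted_source(cidr: str) -> bool:
    """True only if the entire source range lies inside one trusted network.

    A range that merely overlaps (e.g. 10.0.0.0/8 around 10.20.0.0/24) is not
    trusted: it would admit the whole business network as well.
    """
    src = ipaddress.ip_network(cidr, strict=False)
    for trusted in TRUSTED_MANAGEMENT_NETS:
        if src.version != trusted.version:
            continue  # subnet_of() raises TypeError on mixed IPv4/IPv6
        if src.subnet_of(trusted):
            return True
    return False


def audit_allow_rules(rules: list[Rule]) -> list[Rule]:
    """Return the accept rules for the application port that reach beyond the
    trusted management networks. An empty result means the check passes."""
    return [
        r for r in rules
        if r["action"] == "accept"
        and r["dport"] == APP_PORT
        and not is_trusted_source(r["src"])
    ]


# Constructed rule set (illustrative).
RULES: list[Rule] = [
    {"src": "10.20.0.0/24", "dport": APP_PORT, "action": "accept"},  # admins: fine
    {"src": "10.0.0.0/8", "dport": APP_PORT, "action": "accept"},    # whole business net: finding
    {"src": "0.0.0.0/0", "dport": APP_PORT, "action": "accept"},     # internet: finding
    {"src": "::/0", "dport": APP_PORT, "action": "accept"},          # IPv6 internet: finding
    {"src": "0.0.0.0/0", "dport": 22, "action": "accept"},           # other port, out of scope here
    {"src": "0.0.0.0/0", "dport": APP_PORT, "action": "drop"},       # default deny
]

if __name__ == "__main__":
    for finding in audit_allow_rules(RULES):
        print(f"exposed: {finding['src']} may reach port {finding['dport']}")
```

On the constructed rules the audit reports the 10.0.0.0/8, 0.0.0.0/0 and ::/0 accepts and passes the 10.20.0.0/24 one; the IPv6 default route is checked separately because `subnet_of()` refuses to compare address families, which a naive check would silently skip.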
CVEs (1)