Siemens SIMATIC RTLS Locating Manager
Act Now · 10 · ICS-CERT ICSA-24-137-07 · May 14, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
SIMATIC RTLS Locating Manager versions prior to 3.0.1.1 contain multiple input validation, error handling, and resource management weaknesses (CWE-20, CWE-754, CWE-400, CWE-834, CWE-770) that allow unauthenticated remote code execution. The vulnerabilities also include insufficient encryption (CWE-311, CWE-319), insecure deserialization (CWE-494), weak credential storage (CWE-321), and improper access controls (CWE-732). An attacker on the network can exploit these flaws to run arbitrary code on the Windows Server hosting the Locating Manager, compromising the confidentiality, integrity, and availability of the real-time location tracking system.
What this means
What could happen
An attacker with network access to the RTLS Locating Manager could execute arbitrary commands on the Windows Server hosting the system, potentially disrupting real-time location tracking for assets in your facility and compromising the integrity of location data used by operational processes.
Who's at risk
This affects any organization using Siemens SIMATIC RTLS (Real-Time Locating System) Locating Manager for asset tracking in manufacturing facilities, warehouses, or logistics operations. Any facility relying on real-time location data for process automation or safety-critical operations should prioritize this update.
How it could be exploited
An attacker on the network can send specially crafted requests to the RTLS Locating Manager service without authentication, exploiting input validation weaknesses and resource handling flaws to achieve remote code execution on the Windows Server hosting the application.
Prerequisites
- Network access to the Windows Server hosting RTLS Locating Manager
- No authentication required
remotely exploitable · no authentication required · low complexity · high EPSS score (26.8%) · affects locating and tracking systems
Exploitability
High exploit probability (EPSS 26.8%)
Affected products (7)
7 with fix
| Product | Affected Versions | Fix Status |
|---|---|---|
| SIMATIC RTLS Locating Manager (6GT2780-0DA00) | <V3.0.1.1 | 3.0.1.1 |
| SIMATIC RTLS Locating Manager (6GT2780-0DA10) | <V3.0.1.1 | 3.0.1.1 |
| SIMATIC RTLS Locating Manager (6GT2780-0DA20) | <V3.0.1.1 | 3.0.1.1 |
| SIMATIC RTLS Locating Manager (6GT2780-0DA30) | <V3.0.1.1 | 3.0.1.1 |
| SIMATIC RTLS Locating Manager (6GT2780-1EA10) | <V3.0.1.1 | 3.0.1.1 |
| SIMATIC RTLS Locating Manager (6GT2780-1EA20) | <V3.0.1.1 | 3.0.1.1 |
| SIMATIC RTLS Locating Manager (6GT2780-1EA30) | <V3.0.1.1 | 3.0.1.1 |
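To apply the table above to an asset inventory, the following added example (not from Siemens or the advisory) flags hosts whose article number is listed and whose installed version is below the fixed version 3.0.1.1. The CSV column names and the sample rows are constructed assumptions.

```python
import csv
import io
import re

# Article numbers and fixed version as listed in the affected-products table.
AFFECTED_ARTICLES = {
    "6GT2780-0DA00", "6GT2780-0DA10", "6GT2780-0DA20", "6GT2780-0DA30",
    "6GT2780-1EA10", "6GT2780-1EA20", "6GT2780-1EA30",
}
FIXED = (3, 0, 1, 1)

def parse_version(text):
    """Turn 'V3.0.1.1' or '3.0' into a 4-part tuple; None if not parseable."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+){0,3})", text.strip())
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def triage(inventory_csv):
    """Return {host: status} for rows whose article number is in the advisory."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["article"].strip().upper() not in AFFECTED_ARTICLES:
            continue  # not an RTLS Locating Manager article from the table
        version = parse_version(row["version"])
        if version is None:
            status = "review"      # unknown version string: check by hand
        elif version < FIXED:
            status = "vulnerable"  # below 3.0.1.1, update needed
        else:
            status = "fixed"
        results[row["host"]] = status
    return results

# Constructed sample inventory (hosts, column names and versions are made up).
SAMPLE = """host,article,version
rtls-plant1,6GT2780-0DA00,V3.0.1.0
rtls-plant2,6GT2780-1EA20,3.0.1.1
rtls-wh1,6GT2780-0DA30,V2.13
rtls-lab,6GT2780-1EA10,unknown
other-host,EXAMPLE-OTHER,V17.0
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```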
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the Windows Server running RTLS Locating Manager with a firewall; ensure no ports are exposed to untrusted networks
HARDENING: Install RTLS Locating Manager components on a single host where possible and grant access only to trusted personnel
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update SIMATIC RTLS Locating Manager to version 3.0.1.1 or later using Siemens Online Software Delivery (OSD)
Long-term hardening
HARDENING: Apply Windows Server security hardening according to corporate policy or current hardening guidelines
HARDENING: Segment the RTLS Locating Manager network from business networks and untrusted external networks
CVEs (21)