Siemens INTRALOG WMS

Plan PatchCVSS 8.7ICS-CERT ICSA-25-135-02May 13, 2025

Siemens

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityHigh

User InteractionNone needed

Summary

INTRALOG WMS before V5 is affected by multiple vulnerabilities in the Microsoft .NET implementation, including improper input validation (CWE-20), uncontrolled resource consumption (CWE-400), use-after-free memory errors (CWE-416), path traversal (CWE-59), cleartext transmission (CWE-319), and insufficient validation of array indexes (CWE-407). An attacker with network access could exploit these to execute arbitrary code or cause denial of service. Siemens has released version V5 with fixes and recommends immediate update to this version or later.

What this means

What could happen

Multiple vulnerabilities in INTRALOG WMS before V5 could allow an attacker with network access to execute arbitrary code or perform unauthorized actions on the warehouse management system, potentially disrupting inventory management, picking operations, or shipping workflows.

Who's at risk

Warehouse operations teams relying on INTRALOG WMS for inventory management, order fulfillment, and shipping workflows should prioritize this update. Any facility using INTRALOG WMS versions before V5 (including older deployments, pilot systems, or legacy instances) is affected.

How it could be exploited

An attacker on the network could send specially crafted requests to INTRALOG WMS (versions before V5) that exploit weaknesses in the .NET implementation (improper input validation, resource exhaustion, memory safety issues, or path traversal). Successful exploitation could result in code execution with the privileges of the INTRALOG WMS service.

Prerequisites

Network access to INTRALOG WMS service
INTRALOG WMS version before V5 deployed and accessible from attacker's network
No authentication required for exploitation

remotely exploitableno authentication requiredaffects logistics/warehouse operationsmultiple vulnerability classes (input validation, resource exhaustion, memory safety)

Exploitability

Some exploitation risk — EPSS score 4.4%

Affected products (1)

ProductAffected VersionsFix Status

INTRALOG WMS< V55+ version

Remediation & Mitigation

0/3

Do now

0/1

WORKAROUNDRestrict network access to INTRALOG WMS services using firewall rules; only allow connections from authorized warehouse management terminals and backend systems

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate INTRALOG WMS to version V5 or later

Long-term hardening

0/1

HARDENINGImplement network segmentation to isolate INTRALOG WMS from untrusted networks and non-warehouse systems

CVEs (8)

CVE-2024-0056 CVE-2024-20672 CVE-2024-30105 CVE-2024-35264 CVE-2024-38081 CVE-2024-38095 CVE-2024-43483 CVE-2024-43485

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/c8d41385-b9ec-48bd-8ce9-e603829dadb0

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.