Siemens INTRALOG WMS

Plan Patch8.7ICS-CERT ICSA-25-135-02May 13, 2025

Attack VectorNetwork

Auth RequiredNone

ComplexityHigh

User InteractionNone needed

Summary

INTRALOG WMS versions before V5 contain multiple vulnerabilities in the Microsoft .NET implementation that could allow remote attackers to execute code or access sensitive data without authentication. The vulnerabilities include cleartext transmission of sensitive data (CWE-319), denial of service conditions (CWE-400), use-after-free memory issues (CWE-416), and input validation weaknesses (CWE-20).

What this means

What could happen

Multiple vulnerabilities in INTRALOG WMS allow an attacker to potentially execute code or access sensitive data on the warehouse management system, disrupting inventory operations and order fulfillment.

Who's at risk

Warehouse and logistics operations relying on Siemens INTRALOG WMS for inventory management and order fulfillment. This affects any municipal or utility organization using INTRALOG WMS for warehouse operations, particularly those with pre-V5 deployments.

How it could be exploited

An attacker on the network could exploit these .NET implementation flaws to gain unauthorized access or execute arbitrary code on the INTRALOG WMS server. The high complexity requirement (AC:H in the CVSS vector) suggests the attacker needs specific conditions or detailed knowledge to succeed, but network access alone is sufficient to attempt exploitation.

Prerequisites

Network access to the INTRALOG WMS system
INTRALOG WMS version prior to V5 deployed
No authentication credentials required to initiate exploitation

Remotely exploitableNo authentication requiredHigh complexity attack (requires specific conditions)High CVSS score (8.7)

Exploitability

Moderate exploit probability (EPSS 4.4%)

Affected products (1)

ProductAffected VersionsFix Status

INTRALOG WMS< V55 or later version

Remediation & Mitigation

0/3

Do now

0/1

HARDENINGRestrict network access to INTRALOG WMS systems using firewall rules and network segmentation to limit exposure

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate INTRALOG WMS to version V5 or later

Long-term hardening

0/1

HARDENINGConfigure network environment according to Siemens operational guidelines for industrial security

CVEs (8)

CVE-2024-0056 CVE-2024-20672 CVE-2024-30105 CVE-2024-35264 CVE-2024-38081 CVE-2024-38095 CVE-2024-43483 CVE-2024-43485

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/c8d41385-b9ec-48bd-8ce9-e603829dadb0