Siemens SIMATIC RTLS Locating Manager

Plan PatchCVSS 9.1ICS-CERT ICSA-25-226-13Aug 12, 2025

Siemens

Attack path

Attack VectorNetwork

Auth RequiredHigh

ComplexityLow

User InteractionNone needed

Summary

SIMATIC RTLS Locating Manager versions before 3.2 contain an improper input validation vulnerability. An authenticated remote attacker with high privileges could exploit this to execute arbitrary code on the system. Siemens has released version 3.2 with a fix.

What this means

What could happen

An authenticated attacker with high privileges could inject malformed input to execute arbitrary code on the RTLS Locating Manager, potentially disrupting real-time location services for personnel, assets, or emergency response operations across the facility.

Who's at risk

This vulnerability affects Siemens SIMATIC RTLS (Real-Time Locating System) Locating Manager, which is used in manufacturing, warehouse, and facility operations for tracking personnel, assets, and equipment in real time. Any organization using RTLS for safety-critical applications (emergency response coordination, hazardous area personnel tracking) or mission-critical asset management should prioritize this update.

How it could be exploited

An attacker with valid engineering or administrative credentials could send a specially crafted input to the RTLS Locating Manager over the network. The improper input validation would allow the malicious payload to be processed, resulting in arbitrary code execution with the privileges of the application.

Prerequisites

Valid engineering or administrative credentials for RTLS Locating Manager
Network access to the RTLS Locating Manager application port
RTLS Locating Manager running version prior to 3.2

remotely exploitablerequires high-level credentialslow complexity exploitationimproper input validationcode execution as high-privilege user

Exploitability

Unlikely to be exploited — EPSS score 0.7%

Affected products (1)

ProductAffected VersionsFix Status

SIMATIC RTLS Locating Manager< 3.23.2

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDRestrict network access to the RTLS Locating Manager to only authorized engineering workstations and control system networks using firewall rules

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate SIMATIC RTLS Locating Manager to version 3.2 or later

Long-term hardening

0/2

HARDENINGSegment the RTLS Locating Manager behind a firewall, isolating it from business/IT networks and the internet

HARDENINGIf remote access to RTLS Locating Manager is required, enforce access through a VPN with strong authentication rather than direct network exposure

CVEs (1)

CVE-2025-40746

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/0d150f76-7546-4f5d-b0c0-e3a474c6a213

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.