Arbitrary Code Execution Vulnerability in SIMATIC RTLS Locating Manager Before V3.2

An attacker with valid credentials could run arbitrary code on the RTLS locating system with elevated privileges, potentially disrupting real-time location tracking of equipment and personnel in your facility.

Facility managers and engineers using SIMATIC RTLS (Real-Time Locating System) for tracking equipment and personnel in manufacturing plants, warehouses, and large industrial facilities. This affects any organization relying on Siemens' location tracking infrastructure for operational awareness or safety compliance.

An attacker with valid engineering or administrative credentials sends specially crafted input to the Locating Manager over the network. The manager fails to properly validate the input and executes arbitrary code with high privileges, allowing the attacker to compromise the system and control location tracking operations.