Multiple Vulnerabilities in SIMATIC RTLS Locating Manager Before V3.3
Monitor | 6.3 | SSA-707630 | Aug 12, 2025
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
Multiple vulnerabilities in SIMATIC RTLS Locating Manager versions before 3.3 allow a local user with low privileges to read sensitive data, modify system information, and potentially degrade system availability. The issues stem from weak credential handling (CWE-522) and session management problems (CWE-617).
What this means
What could happen
An attacker with local access to a SIMATIC RTLS Locating Manager system could read sensitive data, modify system settings or data, or degrade availability of the real-time location tracking system that facilities depend on to monitor equipment and personnel location.
Who's at risk
Facilities and plant managers using SIMATIC RTLS Locating Manager for real-time asset and personnel tracking, particularly manufacturing plants, warehouses, and other operations that rely on the system for safety-critical location awareness or operational visibility.
How it could be exploited
An attacker with local user credentials or physical access to the SIMATIC RTLS Locating Manager server could exploit privilege escalation or weak credential storage to gain elevated access and read configuration data, modify tracking settings, or disrupt location services.
Prerequisites
- Local user account on SIMATIC RTLS Locating Manager system
- Low privilege access (PR:L per CVSS)
Local access required | Low complexity exploitation
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| SIMATIC RTLS Locating Manager | < 3.3 | 3.3 |
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update SIMATIC RTLS Locating Manager to version 3.3 or later
CVEs (2)