Siemens ProductCERT has published security advisory SSA-493787 for a critical vulnerability in SIMATIC RTLS Locating Manager in versions prior to V3.2. The flaw, tracked as CVE-2025-40746, carries a CVSS v3.1 base score of 9.1 (Critical). Exploitation requires an attacker who is already authenticated to the application with high privileges, but a successful attack yields code execution on the underlying Windows host.
According to Siemens, “SIMATIC RTLS Locating Manager before V3.2 contains an improper input validation vulnerability that could allow an authenticated remote attacker to execute arbitrary code with high privileges.” The affected software is responsible for configuring, operating, and maintaining SIMATIC RTLS, a real-time wireless locating system widely used for flexible, cost-effective asset tracking in industrial environments.
The core issue lies in how the product processes a backup script. “Affected products do not properly validate input for a backup script. This could allow an authenticated remote attacker with high privileges in the application to execute arbitrary code with ‘NT Authority/SYSTEM’ privileges,” the advisory explains. In practice this is an escalation from an application administrator account to the operating system: an attacker who compromises such an account, or a malicious insider who holds one, gains full control of the host and could alter configurations, disrupt operations, or pivot to other parts of the network.
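The advisory does not say how the backup script mishandles its input, so the following is an added illustration of the vulnerability class it names (unvalidated user input reaching a script that runs under a privileged account), not Siemens code. The script path, backup directory and backup-name parameter are assumptions chosen for the example; the point is the contrast between splicing the name into a shell command string and validating it against an allowlist before passing it as a discrete argument.

```python
import os
import subprocess
import re
from typing import List

# Hypothetical paths for the illustration; they are not taken from the product.
BACKUP_SCRIPT = "/opt/rtls/backup.sh"
BACKUP_ROOT = "/var/backups/rtls"


def build_command_vulnerable(backup_name: str) -> str:
    """Improper input validation: the name supplied by the authenticated
    application user is concatenated into a command string.  If this string
    is later handed to a shell (shell=True), a name such as 'x; id' turns into
    a second command that runs with the service account's privileges."""
    return f"{BACKUP_SCRIPT} --out {BACKUP_ROOT}/{backup_name}.zip"


# Allowlist: letters, digits, '-' and '_', no path separators or shell
# metacharacters, bounded length.  Reject anything else rather than trying
# to strip "bad" characters.
_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,63}")


def validate_backup_name(backup_name: str) -> str:
    if not _NAME_RE.fullmatch(backup_name):
        raise ValueError(f"rejected backup name: {backup_name!r}")
    return backup_name


def build_command_hardened(backup_name: str) -> List[str]:
    """Validate first, then build an argv list.  Each element is passed to the
    script as one argument, so no shell ever parses the user's input."""
    name = validate_backup_name(backup_name)
    target = os.path.normpath(os.path.join(BACKUP_ROOT, f"{name}.zip"))
    # Defence in depth: even if the allowlist were loosened, refuse any
    # target that resolves outside the backup directory.
    root = os.path.normpath(BACKUP_ROOT) + os.sep
    if not target.startswith(root):
        raise ValueError("backup target escapes the backup directory")
    return [BACKUP_SCRIPT, "--out", target]


def run_backup(backup_name: str) -> subprocess.CompletedProcess:
    """Execute the backup without a shell.  shell=False is the default but is
    written out to make the intent explicit during review."""
    argv = build_command_hardened(backup_name)
    return subprocess.run(argv, shell=False, check=True)


if __name__ == "__main__":
    # Constructed inputs: a benign name and two injection attempts.
    for candidate in ("nightly-2025", "x; id", "../../etc/cron.d/evil"):
        print("vulnerable :", build_command_vulnerable(candidate))
        try:
            print("hardened   :", build_command_hardened(candidate))
        except ValueError as exc:
            print("hardened   : REJECTED,", exc)
```

When reviewing a privileged maintenance script like this one, the two questions to ask are whether any caller-controlled value is ever interpreted by a shell (command string plus shell=True, or a batch/PowerShell wrapper that re-parses its arguments) and whether the script enforces its own validation rather than trusting the web tier, since "authenticated with high privileges in the application" is exactly the position a compromised admin account puts the attacker in.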
All versions of SIMATIC RTLS Locating Manager before V3.2 are affected. Siemens urges customers to “update to V3.2 or later version” and provides the necessary update package via its support portal.
In addition to patching, Siemens stresses the importance of strong security practices, recommending customers “protect network access to devices with appropriate mechanisms” and configure operational environments according to its Industrial Security guidelines.