CVE-2025-40751

MEDIUM

Siemens Simatic Rtls Locating Manager - Insufficiently Protected Cr...

Title source: rule

Description

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3). Affected SIMATIC RTLS Locating Manager Report Clients do not properly protect credentials that are used to authenticate to the server. This could allow an authenticated local attacker to extract the credentials and use them to escalate their access rights from the Manager to the Systemadministrator role.

References (1)

[Vendor Advisory] https://cert-portal.siemens.com/productcert/html/ssa-707630.html

Scores

CVSS v3 6.3

EPSS 0.0002

EPSS Percentile 6.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-522

Status published

Products (1)

siemens/simatic_rtls_locating_manager < 3.3

Published Aug 12, 2025

Tracked Since Feb 18, 2026