CVE-2020-10049

Published: Sep 9, 2020Modified: Nov 21, 2024

7.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.3 / Impact: 5.9

Source: NVD

Description

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). The start-stop scripts for the services of the affected application could allow a local attacker to include arbitrary commands that are executed when services are started or stopped interactively by system administrators.

Affected (1)

Products: Siemens: Simatic Rtls Locating Manager

1 product

Simatic Rtls Locating Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Siemens Simatic Rtls Locating Manager	Before 2.10.2

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://cert-portal.siemens.com/productcert/pdf/ssa-251935.pdf

Source: productcert@siemens.com

Vendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-251935.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.