
Rewterz Threat Advisory – Siemens SIMATIC RTLS Locating Manager

Severity

High

Analysis Summary

CVE-2020-10049

The start-stop scripts for the services of the affected application could allow a local attacker to include arbitrary commands that are executed when services are started or stopped interactively by system administrators.

CVE-2020-10050

The directory of service executables of the affected application could allow a local attacker to include arbitrary commands that are executed with SYSTEM privileges when the system restarts.

CVE-2020-10051

Multiple services of the affected application are executed with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to inject arbitrary commands that are executed instead of the legitimate service.
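The following PowerShell audit is an added example, not part of the Siemens or Rewterz advisory. It flags Windows services whose executable path contains a space but is not quoted, the condition described for CVE-2020-10051. The function name and the sample service entries are hypothetical; the advisory does not list the product's actual service names or paths.

```powershell
# Added example: flag service ImagePath values that are unquoted and contain
# a space (CWE-428). Function name and sample data are hypothetical.
function Test-UnquotedServicePath {
    param(
        [string]$Name,
        [string]$PathName
    )
    $p = $PathName.Trim()
    # Empty, or already quoted: parsed unambiguously, nothing to report.
    if ($p -eq '' -or $p.StartsWith('"')) { return }
    # Split into the executable part and any trailing arguments.
    if ($p -notmatch '^(.+?\.exe)\b(.*)$') { return }
    $exe  = $Matches[1]
    $rest = $Matches[2]
    # A space inside the arguments only is harmless; the executable path
    # itself must contain whitespace for the lookup to be ambiguous.
    if ($exe -notmatch '\s') { return }
    [pscustomobject]@{
        Service   = $Name
        Current   = $p
        Suggested = '"' + $exe + '"' + $rest   # corrected, quoted form
    }
}

# Constructed sample entries (not taken from the affected product).
$samples = @(
    @{ Name = 'ExampleSvcA'; PathName = 'C:\Program Files\Example Vendor\svc-a.exe -service' },
    @{ Name = 'ExampleSvcB'; PathName = '"C:\Program Files\Example Vendor\svc-b.exe" -service' },
    @{ Name = 'ExampleSvcC'; PathName = 'C:\Windows\System32\svchost.exe -k netsvcs' }
)

# Only ExampleSvcA is reported: B is quoted, C has no space in the path.
$samples |
    ForEach-Object { Test-UnquotedServicePath -Name $_.Name -PathName $_.PathName } |
    Format-List

# On a live host, audit the real service table instead:
# Get-CimInstance Win32_Service |
#     ForEach-Object { Test-UnquotedServicePath -Name $_.Name -PathName $_.PathName }
```

Running the live query before and after the update shows whether any service entries remain unquoted.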

Impact

  • Incorrect Default Permissions 
  • Unquoted Search Path or Element

Affected Vendors

Siemens

Affected Products

SIMATIC RTLS Locating Manager: all versions prior to v2.10.2

Recommendation

Siemens recommends that users update SIMATIC RTLS Locating Manager to v2.10.2.