Main Vulnerability Database SB2025100219

SB2025100219 - Multiple vulnerabilities in Siemens SIMATIC RTLS Locating Manager

Published: October 2, 2025

Security Bulletin ID SB2025100219

Severity

Low

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Reachable assertion (CVE-ID: CVE-2025-30034)

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within loopback interface. A local attacker can cause a denial of service condition on the target system.

2) Insufficiently protected credentials (CVE-ID: CVE-2025-40751)

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to insufficiently protected credentials. A local user can extract the credentials and use them to escalate privileges on the system.

Remediation

Install update from vendor's website.

References

https://cert-portal.siemens.com/productcert/html/ssa-707630.html