CISA Warns of Flaws Affecting Industrial Control Systems from Major Manufacturers

The U.S. Cybersecurity and Infrastructure Security Agency CISA has released several Industrial Control Systems ICS advisories warning of critical security flaws affecting products from Sewio, InHand Networks, Sauter Controls, and Siemens. The most severe of the flaws relate to Sewio's RTLS Studio...

CISA Warns of Flaws Affecting Industrial Control Systems from Major Manufacturers

The U.S. Cybersecurity and Infrastructure Security Agency CISA has released several Industrial Control Systems ICS advisories warning of critical security flaws affecting products from Sewio, InHand Networks, Sauter Controls, and Siemens. The most severe of the flaws relate to Sewio's RTLS Studio...

CISA Releases Twelve Industrial Control Systems Advisories

CISA released twelve Industrial Control Systems ICS advisories on January 12, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...

Sewio RTLS Studio

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Sewio Equipment: RTLS Studio Vulnerabilities: Use of Hard-coded Password, OS Command Injection, Out-of-bounds Write, Cross-Site Request Forgery, Improper Input Validation, Cross-site Scripting 2. RISK...

RTLS Systems Found Vulnerable to MiTM Attacks and Location Tampering

Researchers have disclosed multiple vulnerabilities impacting Ultra-wideband UWB Real-time Locating Systems RTLS, enabling threat actors to launch adversary-in-the-middle AitM attacks and tamper with location data. "The zero-days found specifically pose a security risk for workers in industrial...

Siemens SIMATIC RTLS Locating Manager Denial of Service Vulnerability

SIMATIC RTLS Locating Manager is used to configure, operate and maintain the SIMATIC RTLS unit, a real-time wireless positioning system that provides locating solutions. A denial of service vulnerability exists in Siemens SIMATIC RTLS Locating Manager, which arises from the application's inabilit...

Siemens SIMATIC RTLS Locating Manager Sensitive Information Explicit Storage Vulnerability

SIMATIC RTLS Locating Manager is used to configure, operate, and maintain SIMATIC RTLS units, a real-time wireless positioning system that provides positioning solutions.A security vulnerability exists in Siemens SIMATIC RTLS Locating Manager, which stems from the fact that the application writes...

Siemens SIMATIC RTLS Locating Manager Log Information Disclosure Vulnerability

SIMATIC RTLS Locating Manager is used to configure, operate, and maintain SIMATIC RTLS units, a real-time wireless location system that provides location solutions.A log information disclosure vulnerability exists in Siemens SIMATIC RTLS Locating Manager, which stems from the fact that applicatio...

CVE-2020-10054

A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions V2.12. The affected application does not properly handle the import of large configuration files. A local attacker could import a specially crafted file which could lead to a denial-of-service condition of the...

CVE-2020-10053

A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions V2.12. The affected application writes sensitive data, such as database credentials in configuration files. A local attacker with access to the configuration files could use this information to launch further attack...

CVE-2020-10054

A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions V2.12. The affected application does not properly handle the import of large configuration files. A local attacker could import a specially crafted file which could lead to a denial-of-service condition of the...

CVE-2020-10052

A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions V2.12. The affected application writes sensitive data, such as usernames and passwords in log files. A local attacker with access to the log files could use this information to launch further attacks...

CVE-2020-10053

A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions V2.12. The affected application writes sensitive data, such as database credentials in configuration files. A local attacker with access to the configuration files could use this information to launch further attack...

Design/Logic Flaw

A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions V2.12. The affected application does not properly handle the import of large configuration files. A local attacker could import a specially crafted file which could lead to a denial-of-service condition of the...

Design/Logic Flaw

A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions V2.12. The affected application writes sensitive data, such as database credentials in configuration files. A local attacker with access to the configuration files could use this information to launch further attack...

Design/Logic Flaw

A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions V2.12. The affected application writes sensitive data, such as usernames and passwords in log files. A local attacker with access to the log files could use this information to launch further attacks...

CVE-2020-10054

CVE-2020-10054 affects Siemens SIMATIC RTLS Locating Manager (all versions

CVE-2020-10054

A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions V2.12. The affected application does not properly handle the import of large configuration files. A local attacker could import a specially crafted file which could lead to a denial-of-service condition of the...

CVE-2020-10053

CVE-2020-10053 affects Siemens SIMATIC RTLS Locating Manager prior to version 2.12. The vulnerability stems from the application writing sensitive data, such as database credentials, in configuration files, enabling a local attacker with access to those files to leverage the information for furth...

CVE-2020-10053

A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions V2.12. The affected application writes sensitive data, such as database credentials in configuration files. A local attacker with access to the configuration files could use this information to launch further attack...