CVE-2025-30034
BaseFortify
Publication date: 2025-08-12
Last updated on: 2025-08-20
Assigner: Siemens AG
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| siemens | simatic_rtls_locating_manager | to 3.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-617 | The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-30034 is a vulnerability in SIMATIC RTLS Locating Manager versions prior to 3.3 where the software does not properly validate input sent to its listening port on the local loopback interface. This improper input validation allows an unauthenticated local attacker to cause a denial of service (DoS) condition by exploiting this weakness. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an unauthenticated local attacker to cause a denial of service (DoS) condition on the affected system. This means the attacker could disrupt the normal operation of the SIMATIC RTLS Locating Manager, potentially causing downtime or loss of service. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update SIMATIC RTLS Locating Manager to version 3.3 or later. Additionally, protect network access to devices using appropriate security mechanisms and configure environments according to Siemens' operational guidelines for Industrial Security. [1]