CVE-2020-10051

Name of the Vulnerable Software and Affected Versions SIMATIC RTLS Locating Manager versions prior to V2.10.2

Description A issue has been identified where multiple services of the affected application are executed with SYSTEM privileges, and the call path is not quoted. This could allow a local attacker to inject arbitrary commands that are executed instead of the legitimate service.

Recommendations For versions prior to V2.10.2, update to version V2.10.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected services to minimize the risk of exploitation.