CVE-2025-40746: CWE-20: Improper Input Validation in Siemens SIMATIC RTLS Locating Manager

Critical
Tags: Vulnerability, CVE-2025-40746, CWE-20
Published: Tue Aug 12 2025 (08/12/2025, 11:17:05 UTC)
Source: CVE Database V5
Vendor/Project: Siemens
Product: SIMATIC RTLS Locating Manager

Description

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.2). Affected products do not properly validate input for a backup script. This could allow an authenticated remote attacker with high privileges in the application to execute arbitrary code with 'NT Authority/SYSTEM' privileges.

AI-Powered Analysis

AI analysis last updated: 08/20/2025, 01:59:06 UTC

Technical Analysis

CVE-2025-40746 is a critical vulnerability in Siemens SIMATIC RTLS Locating Manager versions prior to V3.2. The root cause is improper input validation (CWE-20) in a backup script component: affected versions do not adequately sanitize or validate the input parameters passed to the backup script, and an authenticated attacker holding high privileges within the application can exploit this. Successful exploitation executes arbitrary code with NT Authority/SYSTEM privileges, giving full control of the Windows host running the application. The flaw is exploitable over the network without user interaction and affects the confidentiality, integrity, and availability of the system. The CVSS v3.1 score is 9.1 (critical), reflecting low attack complexity, the high-privilege requirement, the absence of any user-interaction requirement, and the complete compromise that results. No public exploits have been reported yet, but the severity and nature of the flaw make it a high-risk target for attackers seeking persistent, high-level access to the industrial control environments managed by Siemens SIMATIC RTLS Locating Manager.

Potential Impact

For European organizations, the impact of this vulnerability can be severe, especially for those operating in critical infrastructure sectors such as manufacturing, energy, transportation, and logistics where Siemens SIMATIC RTLS Locating Manager is deployed for real-time location tracking and asset management. Successful exploitation could lead to full system compromise, enabling attackers to manipulate or disrupt industrial processes, steal sensitive operational data, or cause downtime. Given the SYSTEM-level privileges gained, attackers could also pivot to other network segments, escalate privileges further, or deploy ransomware and other malware. The breach of such industrial control systems could have cascading effects on supply chains and public safety. Additionally, regulatory frameworks in Europe, such as the NIS Directive and GDPR, impose strict requirements on protecting critical infrastructure and personal data, meaning exploitation could result in significant legal and financial consequences.

Mitigation Recommendations

1. Immediately upgrade to Siemens SIMATIC RTLS Locating Manager version 3.2 or later, where the vulnerability is addressed.
2. If patching is not immediately possible, restrict access to the application to trusted administrators only and enforce network segmentation to limit exposure.
3. Implement strict access controls and monitor for unusual activity from users with high privileges within the application.
4. Employ application-layer input validation and filtering where possible to detect and block malicious input targeting the backup script.
5. Conduct regular audits of user privileges and review logs for signs of exploitation attempts.
6. Use endpoint detection and response (EDR) solutions on hosts running the application to detect suspicious code execution or privilege escalation.
7. Coordinate with Siemens support for any available workarounds or mitigations until patches are applied.
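The kind of allowlist validation that recommendation 4 refers to, shown as an added Python example written for this page; it is not Siemens code, the page gives no details of the real backup script, and the script and directory paths below are placeholders. It contrasts the weak pattern (untrusted input spliced into a shell command string) with the hardened pattern (an allowlist on the parameter, a path confined to the backup root, and an argv list that never goes through a shell).

```python
import re
from pathlib import Path

# Placeholders: the product's real backup script and directory are not on the page.
BACKUP_ROOT = Path("C:/ProgramData/ExampleRTLS/backups")   # assumption
BACKUP_SCRIPT = Path("C:/ProgramData/ExampleRTLS/backup.bat")  # assumption

# Allowlist: letters, digits, underscore, hyphen; bounded length.
# An allowlist beats a denylist of shell metacharacters, which has to
# enumerate every character cmd.exe treats specially (&, |, ^, %, quotes,
# newlines, ...) and usually misses one.
_NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


class InvalidBackupName(ValueError):
    """Raised when a backup name fails the allowlist or escapes the root."""


def is_valid_backup_name(name) -> bool:
    """True only if `name` is a string that fully matches the allowlist."""
    return isinstance(name, str) and _NAME_RE.fullmatch(name) is not None


def validate_backup_name(name: str) -> str:
    """Return the name unchanged if allowed, otherwise raise."""
    if not is_valid_backup_name(name):
        raise InvalidBackupName(f"rejected backup name: {name!r}")
    return name


def unsafe_command_line(name: str) -> str:
    """The vulnerable pattern: user input concatenated into a shell command.

    Returned as a string for illustration only and never executed here.
    Any separator the shell recognises inside `name` turns into a second
    command that runs with the service account's privileges (SYSTEM in the
    advisory's case).
    """
    return f'"{BACKUP_SCRIPT}" {name}'


def build_backup_argv(name: str, root: Path = BACKUP_ROOT) -> list:
    """Hardened pattern: validate the parameter, confine the target path to
    the backup root, and return an argv list for subprocess.run(shell=False),
    so the operating system receives discrete arguments, not a command line.
    """
    safe = validate_backup_name(name)
    target = (root / f"{safe}.zip").resolve()
    if root.resolve() not in target.parents:
        raise InvalidBackupName("target escaped the backup root")
    return [str(BACKUP_SCRIPT), str(target)]


if __name__ == "__main__":
    for candidate in ["nightly_2025-08-12", "x & whoami", "..\\..\\boot.ini"]:
        print(repr(candidate), "allowed" if is_valid_backup_name(candidate) else "rejected")
    print(build_backup_argv("nightly_2025-08-12"))
```

The argv returned by `build_backup_argv` would be handed to `subprocess.run(argv)` with the default `shell=False`; the validation is what keeps the parameter out of any interpreter, and the root check is what keeps a well-formed name from pointing outside the intended directory.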

Technical Details

Data Version
5.1
Assigner Short Name
siemens
Date Reserved
2025-04-16T08:39:30.030Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 689b2662ad5a09ad003132d9

Added to database: 8/12/2025, 11:32:50 AM

Last enriched: 8/20/2025, 1:59:06 AM

Last updated: 9/1/2025, 7:03:45 AM
