Siemens has identified a vulnerability in its Automation License Manager that could allow remote attackers to exploit an integer overflow or wraparound issue. This vulnerability exists due to the improper validation of certain fields in incoming network packets on port 4410/tcp. Exploiting this vulnerability could result in a denial-of-service (DoS) condition, causing the application to crash and preventing legitimate users from using the system. The vulnerability affects all versions of Automation License Manager V5, V6.0, and versions of V6.2 prior to Update 3.
The risk of this vulnerability is significant, with a CVSS v4 base score of 9.2, reflecting a high severity level. An unauthenticated remote attacker could exploit the flaw with low attack complexity, potentially causing widespread disruption for users who rely on the system for license verification. The attack would prevent access to critical software and systems that depend on the Automation License Manager, which is used across various industries for managing licenses for Siemens automation products.
While Siemens has released an update for Automation License Manager V6.2 (Update 3) that addresses the vulnerability, no fixes are currently available for versions V5 and V6.0. To mitigate the risk, Siemens recommends disabling remote connections or, if remote access is required, limiting access to trusted systems only. Users of affected versions are urged to apply the latest available updates or workarounds as soon as possible to prevent exploitation of this flaw.
As a general security measure, Siemens advises users to follow its operational guidelines for industrial security and take steps to secure network access to devices. The company encourages users to configure their environments in accordance with these guidelines and to implement the recommended cybersecurity practices to reduce the risk of attack. Additionally, users can refer to Siemens’ industrial security webpage for further resources on maintaining secure operations and protecting critical infrastructure from cyber threats.
Reference:
