OTPulse

Siemens Automation License Manager Vulnerabilities

Act Now | ICS-CERT ICSA-11-361-01 | Sep 29, 2011
Summary

Siemens Automation License Manager versions 4.0 through 5.1 SP1 Update 1 and 2.0 through 5.1 SP1 Update 2 contain buffer overflow (CWE-119), improper input validation (CWE-20), and path traversal (CWE-22) vulnerabilities. These flaws could allow an unauthenticated attacker with network access to the license manager service to execute arbitrary code on the license server.

What this means
What could happen
An attacker who gains access to the Automation License Manager could exploit buffer overflow or input validation flaws to run arbitrary code on the license server, potentially disrupting license validation for all connected engineering workstations and automation controllers across your facility.
Who's at risk
This affects any facility using Siemens Automation License Manager versions 4.0 through 5.1 SP1 Update 1, or 2.0 through 5.1 SP1 Update 2 under the second, broader affected range. The license server is typically located on an engineering network and is essential for operating Siemens TIA Portal, S7-1200, S7-1500, and other Siemens programmable logic controllers (PLCs). Utilities and manufacturers with centralized license management are at risk if the license server is reachable from untrusted networks.
How it could be exploited
An attacker with network access to the Automation License Manager could send a specially crafted input that triggers a buffer overflow (CWE-119), path traversal (CWE-22), or input validation bypass (CWE-20). If exploited, this could allow code execution on the license server without requiring authentication.
Prerequisites
  • Network access to the Automation License Manager service port
  • No authentication required based on CWE patterns indicating input validation bypass
remotely exploitable | no authentication required | low complexity | high EPSS score (14.9%) | affects automation system availability
Exploitability
High exploit probability (EPSS 14.9%)
Affected products (2)
2 EOL
Product                                           Affected Versions        Fix Status
Automation License Manager: >=4.0|<5.1+SP1+Upd1   ≥ 4.0|<5.1+SP1+Upd1      No fix (EOL)
Automation License Manager: >=2.0|<5.1+SP1+Upd2   ≥ 2.0|<5.1+SP1+Upd2      No fix (EOL)
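
An added example, not part of the advisory or any Siemens tooling: a Python check of an asset inventory against the two affected ranges listed above, read as the table writes them (lower bound inclusive, upper bound exclusive). The host names and installed versions are constructed, and the "major.minor SPn Updn" string format is an assumption about how versions appear in your inventory.

```python
import re

# Affected ranges copied from the advisory table, read as lower bound
# inclusive and upper bound exclusive (">=4.0|<5.1+SP1+Upd1", etc.).
AFFECTED_RANGES = [("4.0", "5.1 SP1 Upd1"), ("2.0", "5.1 SP1 Upd2")]

# Assumed inventory format: "major.minor [SPn] [Updn|Update n]"; spaces or
# '+' may separate the parts, as in the advisory's own "5.1+SP1+Upd1".
_VERSION_RE = re.compile(
    r"^\s*v?(\d+)\.(\d+)"
    r"(?:[\s+]*SP\s*(\d+))?"
    r"(?:[\s+]*Upd(?:ate)?\s*(\d+))?\s*$",
    re.IGNORECASE,
)

def parse_version(text):
    """Return (major, minor, sp, update); a missing SP or Update counts as 0."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) if g else 0 for g in m.groups())

def matching_ranges(installed):
    """List the advisory ranges that contain the installed version."""
    v = parse_version(installed)
    return [f">={lo}|<{hi}" for lo, hi in AFFECTED_RANGES
            if parse_version(lo) <= v < parse_version(hi)]

def audit(inventory):
    """Map host -> matched ranges, or None when the version needs manual review."""
    report = {}
    for host, installed in inventory.items():
        try:
            report[host] = matching_ranges(installed)
        except ValueError:
            report[host] = None  # never silently treat an unknown version as safe
    return report

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "lic-srv-01": "5.1 SP1 Upd1", "eng-ws-01": "V5.0 SP1", "eng-ws-02": "3.0",
    "eng-ws-03": "5.1 SP1 Update 2", "eng-ws-04": "unknown",
}

if __name__ == "__main__":
    for host, hits in audit(SAMPLE_INVENTORY).items():
        status = "REVIEW MANUALLY" if hits is None else (", ".join(hits) or "not in listed ranges")
        print(f"{host}: {status}")
```

Hosts reported with a matched range are candidates for the compensating controls in this advisory, since no fix is listed for either range.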
Remediation & Mitigation
Do now
HARDENING: Implement strict network access controls: restrict inbound connections to the Automation License Manager to only authorized engineering workstations and automation systems that require license validation
WORKAROUND: Deploy a firewall rule to block any direct external access to the Automation License Manager port; ensure license validation traffic is isolated on your engineering network segment
Mitigations - no patch available
The following products have reached End of Life with no planned fix: Automation License Manager: >=4.0|<5.1+SP1+Upd1, Automation License Manager: >=2.0|<5.1+SP1+Upd2. Apply the following compensating controls:
HARDENING: Segment the license server on a separate network from operational plant floor systems to prevent lateral movement if the server is compromised