OTPulse
FeedAboutContact

Siemens Automation License Manager

Monitor5.9ICS-CERT ICSA-21-222-02Aug 10, 2021
Attack VectorNetwork
Auth RequiredNone
ComplexityHigh
User InteractionNone needed
Summary

A vulnerability in Siemens Automation License Manager can be triggered by sending specially crafted packets to port 4410/TCP, causing a denial-of-service that prevents legitimate users from accessing the license management system. Affected versions are all of version 5 and version 6 prior to SP9 Update 2. While attack complexity is high and no public exploits are known, the vulnerability is remotely exploitable without authentication. Siemens released a fix for version 6 but version 5 will not be patched.

What this means
What could happen
An attacker can send crafted packets to port 4410 on the Automation License Manager, causing it to become unavailable and preventing legitimate users from accessing engineering tools and license management functions.
Who's at risk
Siemens Automation License Manager users in manufacturing plants, utilities, and facilities management who rely on the license management service to enable engineering workstations and control system software. This affects organizations running either version 5 or version 6 of the product.
How it could be exploited
An attacker with network access to port 4410/TCP on the Automation License Manager can send specially crafted packets that cause the service to crash or stop responding. This is a denial-of-service attack that does not require authentication or user interaction.
Prerequisites
  • Network access to port 4410/TCP on the Automation License Manager
  • Remote connections must be enabled on the target system
remotely exploitableno authentication requiredhigh attack complexitydenial-of-service impactversion 5 has no fix available
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (2)
1 with fix1 EOL
ProductAffected VersionsFix Status
Automation License Manager 6<V6.0 SP9 Update 26.0 SP9 Update 2
Automation License Manager 5All versionsNo fix (EOL)
Remediation & Mitigation
0/5
Do now
0/2
WORKAROUNDDisable 'Allow Remote Connections' on the Automation License Manager settings menu if remote access is not required
WORKAROUNDRestrict network access to port 4410/TCP to only trusted systems using firewall rules
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

Automation License Manager 6
HOTFIXUpdate Automation License Manager 6 to version 6.0 SP9 Update 2 or later
Mitigations - no patch available
0/2
Automation License Manager 5 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGPlace Automation License Manager behind a firewall and isolate from business networks
HARDENINGEnsure Automation License Manager is not directly accessible from the Internet
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/58be7aed-cb09-43f5-a7b9-7e4145cb96da
Siemens Automation License Manager | CVSS 5.9 - OTPulse