OTPulse
FeedAboutContact

Siemens Automation License Manager

Act Now8.6ICS-CERT ICSA-24-256-06Sep 10, 2024
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

A vulnerability in Siemens Automation License Manager can be triggered by sending specially crafted network packets to port 4410/tcp. The vulnerability causes an integer overflow (CWE-190) that crashes the license manager service, resulting in denial-of-service. The affected products are: V5 (all versions, no fix planned), V6.0 (fixed in SP12 Upd3), and V6.2 (fixed in Upd3).

What this means
What could happen
An attacker could send crafted network packets to the license manager port and cause it to crash, preventing engineers from accessing licensing services and potentially disrupting software deployments or updates to production automation systems.
Who's at risk
This affects any organization using Siemens Automation License Manager for software licensing and asset management in industrial automation environments. Primary concern is for facilities running V5 (no fix planned) or V6.0 (no fix planned) where license services are critical to engineering workflows and system deployments.
How it could be exploited
An attacker with network access to port 4410/tcp on the Automation License Manager can send specially crafted packets that trigger an integer overflow condition, crashing the service and denying access to licensed Siemens automation software.
Prerequisites
  • Network access to port 4410/tcp on the Automation License Manager
  • No authentication required
remotely exploitableno authentication requiredlow complexityhigh EPSS score (13.8%)no patch available for V5 and V6.0
Exploitability
High exploit probability (EPSS 13.8%)
Affected products (3)
2 with fix1 EOL
ProductAffected VersionsFix Status
Automation License Manager V6.0<V6.0 SP12 Upd36.0 SP12 Upd3
Automation License Manager V6.2<V6.2 Upd36.2 Upd3
Automation License Manager V5All versionsNo fix (EOL)
Remediation & Mitigation
0/5
Do now
0/2
WORKAROUNDDisable 'Allow Remote Connections' in the Automation License Manager settings menu
WORKAROUNDRestrict network access to port 4410/tcp to trusted systems only using firewall rules
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

Automation License Manager V6.2
HOTFIXUpdate Automation License Manager V6.2 to V6.2 Upd3 or later
Automation License Manager V6.0
HOTFIXUpdate Automation License Manager V6.0 to V6.0 SP12 Upd3 or later if upgrading from V5 is not feasible
Mitigations - no patch available
0/1
Automation License Manager V5 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGIsolate the Automation License Manager on a separate network segment from business networks and the internet
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/91977953-85cf-4251-b170-560706dae7b8
Siemens Automation License Manager | CVSS 8.6 - OTPulse