Siemens License Server (SLS)

Monitor6.7ICS-CERT ICSA-25-100-01Apr 8, 2025

Attack VectorLocal

Auth RequiredLow

ComplexityHigh

User InteractionRequired

Summary

Siemens License Server versions before 4.3 contain vulnerabilities in permission handling and certificate validation (CWE-269, CWE-295) that allow a local user with low privileges to escalate to administrator level or execute arbitrary code. The attack requires local access to the system and user interaction, with high complexity. No public exploitation has been reported. The vulnerabilities are not remotely exploitable.

What this means

What could happen

A low-privileged user on a system running the License Server could gain administrator access or run arbitrary commands, potentially allowing them to modify, disable, or disrupt Siemens software licensing on the host system.

Who's at risk

Organizations using Siemens License Server in engineering environments, particularly those with multiple users or shared workstations. This affects any facility running Siemens industrial software (STEP 7, TIA Portal, Automation Designer, etc.) that requires license management, including manufacturing plants, water utilities, power systems, and building automation installations.

How it could be exploited

An attacker with local user access to a machine running Siemens License Server (SLS) could exploit improper permission handling or SSL/certificate validation weaknesses to escalate to administrator privileges. Once elevated, they could execute arbitrary code with full system access, affecting any Siemens applications that depend on this licensing service.

Prerequisites

Local user account on the host system running SLS
User interaction or specific conditions required (high attack complexity)
SLS version before 4.3

Local exploitation requiredLow privilege access sufficientHigh attack complexityPrivilege escalation and code executionAffects software licensing infrastructure

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (1)

ProductAffected VersionsFix Status

License Server (SLS)<V4.34.3

Remediation & Mitigation

0/3

Do now

0/1

HARDENINGRestrict local user access to systems running SLS to authorized personnel only; enforce strong access controls and account management

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Siemens License Server to version 4.3 or later

Long-term hardening

0/1

HARDENINGIsolate systems running SLS from business networks behind firewalls; ensure they are not accessible from the internet or untrusted networks

CVEs (2)

CVE-2025-29999 CVE-2025-30000

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/b1fed5fc-80d4-4ce5-87e6-77c1e87b19d8