Siemens License Server (SLS)
CVSS 6.7 | ICS-CERT ICSA-25-100-01 | Apr 8, 2025
Siemens
Attack path
Attack Vector: Local
Auth Required: Low
Complexity: High
User Interaction: Required
Summary
Siemens License Server (SLS) before version 4.3 contains privilege escalation and arbitrary code execution vulnerabilities exploitable by low-privileged local users. The vulnerabilities involve weak permission checks and certificate validation issues (CWE-269, CWE-295). These vulnerabilities are not remotely exploitable and require local access and high attack complexity. Siemens has released SLS version 4.3 as a fix.
What this means
What could happen
A low-privileged user with local access to the License Server could escalate their privileges or execute arbitrary code, potentially allowing an insider to gain full control of the licensing system and disrupt software licensing for Siemens automation tools across your engineering environment.
Who's at risk
Siemens engineering departments and automation software licensing teams running the License Server (SLS) for SIMATIC, TIA Portal, or other Siemens tools. This affects organizations that centralize software licensing for engineering workstations that may control industrial processes.
How it could be exploited
An attacker with local access to the License Server machine (physical console, RDP, or SSH) could exploit the privilege escalation vulnerability by leveraging weak permission checks or certificate validation issues to run code with higher privileges, potentially gaining system-level control.
Prerequisites
- Local access to the License Server machine (console, RDP, or similar)
- Low-privileged user account on the License Server
- User interaction may be required (e.g., clicking a malicious link or opening a file)
Key points
- Local privilege escalation possible
- Arbitrary code execution on licensing server
- Insider threat vector
- Affects software licensing infrastructure supporting OT engineering
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
Product: License Server (SLS)
Affected Versions: <V4.3
Fix Status: 4.3
Remediation & Mitigation
Do now
HARDENING: Restrict local access to the License Server machine to authorized administrators only, disabling unnecessary remote access protocols
HARDENING: Apply the principle of least privilege: ensure only necessary users have accounts on the License Server, and that those accounts have the minimal required permissions
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update Siemens License Server to version 4.3 or later
Long-term hardening
HARDENING: Place the License Server behind a firewall and on a network segment separate from business IT networks; ensure it is not accessible from the internet
CVEs (2)