Privilege Escalation Vulnerabilities in Siemens License Server Before V4.3

A low-privileged user on a machine running Siemens License Server could escalate their privileges or execute arbitrary code, potentially gaining control over license distribution and authorization services that protect Siemens engineering tools used in industrial automation environments.

Organizations running Siemens License Server (SLS) to manage licenses for Siemens automation engineering tools (such as TIA Portal, Step 7, or PLCSIM). This affects companies using Siemens PLCs, HMIs, or SCADA systems in manufacturing, water treatment, power distribution, or other industrial environments. License servers are often centralized infrastructure shared across engineering departments.

An attacker with a local user account on the License Server machine would need to interact with the vulnerable License Server process (likely through a malicious file or UI interaction). The vulnerability combines improper access control (CWE-269) and certificate validation issues (CWE-295) to allow privilege escalation to system or service account level, from which they could modify license data or execute commands affecting dependent automation systems.