Siemens Automation License Manager DoS Vulnerability (SA-103653) Advisory

Key Information Vulnerability Description Vulnerability ID: SSA-103653 Vulnerability Type: Denial-of-Service (DoS) Vulnerability Affected Product: Automation License Manager Affected Versions: V5, V6.0, V6.2 < Upd3 Description: The application does not properly validate certain fields in network packets, allowing unauthorized remote attackers to cause integer overflow and crash the application. This could lead to service disruption, affecting subsequent products that rely on this application for license validation. CVSS Scores CVSS v3.1 Base Score: 8.6 CVSS v4.0 Base score: 9.2 Impact Scope Affected Product: Automation License Manager V5, V6.0, V6.2 < Upd3 Affected Versions: All affected versions Solution Recommendation: Upgrade to V6.2 Upd3 or later. Workaround: Upgrade to V6.2 Upd3 or later. Mitigation: Upgrade to V6.2 Upd3 or later. Workaround and Mitigation Workaround: Upgrade to V6.2 Upd3 or later. Mitigation: Upgrade to V6.2 Upd3 or later. General Security Recommendations Recommendation: Disable "Allow remote connections" in the affected application. Mitigation: If remote connections are required, restrict remote access to port 4410/tcp to trusted systems only. General Security Measures Recommendation: Configure the environment in accordance with Siemens’ industrial security operational guidelines. Mitigation: Follow the recommendations in the product manual. Product Description Product: Automation License Manager Versions: V5, V6.0, V6.2 < Upd3 Certification Certification: Coordinated disclosure by Tenable. Additional Information Contact: Siemens ProductCERT: https://www.siemens.com/cert/advisories Historical Data Version: V1.0 (2024-09-10): Release Date Terms and Usage Terms: Siemens Security Advisories are subject to Siemens’ license terms or applicable agreements. Where applicable, the terms of the Siemens Security Advisory shall take precedence over the terms of Siemens’ global website.

Goal Reached Thanks to every supporter — we hit 100%!

Siemens Automation License Manager DoS Vulnerability (SA-103653) Advisory