Siemens has released updates fixing two vulnerabilities in its Automation License Manager, according to a report from Siemens ProductCERT.
One of the vulnerabilities could allow an attacker to execute arbitrary code on the target device, and the other could allow an attacker to abuse the target system for basic network scanning. Vladimir Dashchenko from Kaspersky Lab discovered the vulnerabilities.
The vulnerabilities affect:
• Automation License Manager 5: All versions < 22.214.171.124
• Automation License Manager 6: All versions < 6.0.1 (only affected by CVE-2018-11455)
Automation License Manager (ALM) centrally manages license keys for various Siemens software products. Software products requiring license keys automatically report this requirement to the ALM. When the ALM finds a valid license key for this software, the software can be used in conformity with the end user license agreement.
A directory traversal vulnerability (CVE-2018-11455) could allow a remote attacker to move arbitrary files, which can result in code execution, compromising confidentiality, integrity and availability of the system. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges or special conditions of the system, but user interaction is required. The vulnerability has a CVSS base score of 8.8. There were no known exploits of this vulnerability.
In another vulnerability (CVE-2018-11456), an attacker with network access to the device could send specially crafted network packets to determine whether a network port on another remote system is accessible. This allows the attacker to do basic network scanning using the victim's machine. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges, and no user interaction is required. The impact is limited to determining whether a port on a target system is accessible by the affected device. The vulnerability has a CVSS base score of 5.3. There were no public exploits of this vulnerability.
• For Automation License Manager 5, users should update to V126.96.36.199
• For Automation License Manager 6, users should update to V6.0.1
Siemens has identified the following specific workarounds and mitigations to reduce the risk: Restrict network access as far as possible.
As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for Industrial Security.