Mitigations for Siemens ALM Hole

Monday, December 17, 2012 @ 03:12 PM gHale

There are mitigations available for a vulnerability that impacts the Siemens Automation License Manager (ALM), according to a report on ICS-CERT.

Siemens ProductCERT identified an uncontrolled resource consumption vulnerability in the Siemens ALM, which sees use in license management by various Siemens software products. Siemens has produced a software update that fully resolves this remotely exploitable vulnerability.

An attacker who exploited this vulnerability would cause a loss of availability of the affected system.

All Siemens software products that include ALM versions between 4.0 and 5.2 suffer from the issue. The following product lines have the vulnerability:
• SIMATIC (e.g., STEP 7)
• SIMATIC HMI (e.g., WinCC, WinCC flexible)
• SIMOTION (e.g., Scout)
• SINAMICS (e.g., Starter)

Attackers could exploit the vulnerability to cause memory leakage within the software, which could eventually lead to a crash of the application. The denial of service (DoS) of the ALM could lead to a DoS of associated devices that use the ALM to verify active licenses.

ALM centrally manages licenses for various Siemens software products. The products contact ALM either locally or remotely to verify their license using a proprietary protocol. To enable this license verification, ALM listens on Port 4410/TCP by default. These products deploy across several sectors including energy, healthcare, and others worldwide.

An attacker can send maliciously crafted packets to Port 4410/TCP, which causes memory leakage and uncontrolled resource consumption, leading to a DoS. CVE-2012-4691 is the number assigned to this vulnerability, which has a CVSS v2 base score of 7.8.

An attacker with low skill would be able to exploit this vulnerability.

Siemens has an update that resolves this vulnerability, and it can be applied to all versions of ALM starting with version 4.0. Siemens recommends that users contact Siemens customer support to acquire the update.

Siemens recommends blocking traffic to Port 4410/TCP from external and remote connections.
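Beyond blocking the port at the perimeter, a defender will want to confirm that only known engineering hosts are actually reaching the license server and to notice a single source hammering 4410/TCP, which is what the resource-consumption behaviour described above would look like in connection logs. The script below is an added example written for this article; it is not code from Siemens or ICS-CERT. It assumes a simplified firewall log layout (timestamp, source, destination, protocol, destination port, action) and an allowlisted engineering subnet of 10.10.1.0/24; both the log lines and the subnet are constructed for the example.

```python
import ipaddress
from collections import Counter

# Port the ALM listens on by default for license verification (from the advisory).
ALM_PORT = 4410

# Networks that legitimately host ALM clients (STEP 7, WinCC, etc.).
# Constructed allowlist for this example; substitute your own engineering subnets.
ALLOWED_CLIENT_NETS = [ipaddress.ip_network("10.10.1.0/24")]

# Constructed sample firewall log in a simplified layout:
# <timestamp> <src> <dst> <proto> <dport> <action>
SAMPLE_LOG = """\
2012-12-17T14:01:02 10.10.1.15 10.10.1.5 TCP 4410 ALLOW
2012-12-17T14:01:09 10.10.1.22 10.10.1.5 TCP 4410 ALLOW
2012-12-17T14:02:41 198.51.100.7 10.10.1.5 TCP 4410 ALLOW
2012-12-17T14:02:42 198.51.100.7 10.10.1.5 TCP 4410 ALLOW
2012-12-17T14:02:42 198.51.100.7 10.10.1.5 TCP 4410 ALLOW
2012-12-17T14:02:43 198.51.100.7 10.10.1.5 TCP 4410 ALLOW
2012-12-17T14:03:00 10.10.1.15 10.10.1.5 TCP 445 ALLOW
"""


def parse_line(line):
    """Split one log line into a record; raises ValueError on a malformed line."""
    ts, src, dst, proto, dport, action = line.split()
    return {
        "ts": ts,
        "src": ipaddress.ip_address(src),
        "dst": dst,
        "proto": proto,
        "dport": int(dport),
        "action": action,
    }


def is_allowed_client(addr):
    """True if the source address lies inside an allowlisted engineering network."""
    return any(addr in net for net in ALLOWED_CLIENT_NETS)


def audit_alm_traffic(log_text, burst_threshold=3):
    """Audit connections to the ALM port.

    Returns a pair of sorted lists:
      remote_sources  - sources outside the allowlist that reached 4410/TCP
                        (these should have been blocked per the Siemens guidance)
      bursty_sources  - sources with >= burst_threshold connections to 4410/TCP,
                        a cheap indicator of the repeated-packet DoS pattern
    """
    remote = set()
    per_source = Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        # Only ALM license traffic is of interest here.
        if rec["proto"] != "TCP" or rec["dport"] != ALM_PORT:
            continue
        per_source[rec["src"]] += 1
        if not is_allowed_client(rec["src"]):
            remote.add(rec["src"])
    bursty = {src for src, n in per_source.items() if n >= burst_threshold}
    return (sorted(str(a) for a in remote), sorted(str(a) for a in bursty))


if __name__ == "__main__":
    remote, bursty = audit_alm_traffic(SAMPLE_LOG)
    print("Non-allowlisted sources reaching ALM:", remote)
    print("Sources with bursty ALM connections:", bursty)
```

The burst threshold is deliberately low so the constructed sample trips it; in production it should be tuned against the normal license-check cadence of the site's engineering stations. Any source that appears in the first list is a sign that the port-4410/TCP block recommended above is not actually in effect.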

