Siemens Mitigates ALM Vulnerabilities
Wednesday, October 12, 2016 @ 08:10 AM gHale
Siemens issued an update to its Automation License Manager (ALM) that fixes three vulnerabilities, according to a report by Siemens ProductCERT.
One of the vulnerabilities could allow a remote attacker to obtain write access to the hard disk.
All versions of Automation License Manager prior to V5.3 SP3 Update 1 are affected by the issues.
The Automation License Manager (ALM) centrally manages license keys for various Siemens software products. Software products requiring license keys automatically report this requirement to the ALM. When the ALM finds a valid license key for this software, the software can be used in conformity with the end user license agreement.
Specially crafted packets sent to port 4410/TCP could cause a Denial-of-Service of the ALM service. To recover, the service needs to be restarted manually. CVE-2016-8563 is the case number for the vulnerability, which has a CVSS base score of 7.5.
A SQL Injection vulnerability could allow a remote attacker with access to port 4410/TCP to read and write configuration settings of the Automation License Manager (ALM). CVE-2016-8564 is the case number for the vulnerability, which has a CVSS base score of 6.5.
A remote attacker could use specially crafted packets to upload files to the hard disk, create or delete directories or move existing files on the hard disk. CVE-2016-8565 is the case number for the vulnerability, which has a CVSS base score of 9.1. Automation License Manager version 5.3 SP3 does not suffer from this vulnerability.
By default, during installation the Windows firewall is configured to allow connections to the ALM default port 4410/TCP only from the local subnet, and requests from other networks are blocked. Siemens recommends operating the devices only within trusted networks.
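One way to confirm that a host still has the local-subnet-only restriction described above is to audit its inbound firewall rules. This is an added example, not code from Siemens or from the original article; it assumes ALM listens on its default port 4410/TCP and that the host has the Windows NetSecurity PowerShell module (Windows 8 / Server 2012 or later).

```powershell
# Added example: list enabled inbound "allow" rules that cover TCP 4410
# and flag any whose remote scope is wider than the local subnet.
$AlmPort = 4410   # assumption: ALM default port, as stated in the article

function Test-PortInSpec {
    # True if $Port is covered by a firewall LocalPort value
    # ('Any', a single port, or a range such as '4400-4500').
    param([string[]]$Spec, [int]$Port)
    foreach ($entry in $Spec) {
        if ($entry -eq 'Any') { return $true }
        if ($entry -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        }
        elseif ($entry -match '^\d+$' -and [int]$entry -eq $Port) { return $true }
    }
    return $false
}

$findings = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True) {
    $portFilter = $rule | Get-NetFirewallPortFilter
    if ($portFilter.Protocol -notin 'TCP', 'Any') { continue }
    if (-not (Test-PortInSpec -Spec $portFilter.LocalPort -Port $AlmPort)) { continue }

    $remote = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
    # Anything other than the LocalSubnet keyword needs a manual review.
    $wider = @($remote | Where-Object { $_ -ne 'LocalSubnet' })

    [pscustomobject]@{
        Rule            = $rule.DisplayName
        Profile         = $rule.Profile
        RemoteAddress   = $remote -join ','
        LocalSubnetOnly = ($wider.Count -eq 0)
    }
}

# Rules with LocalSubnetOnly = False sort first.
$findings | Sort-Object LocalSubnetOnly | Format-Table -AutoSize
```

A rule reported with `LocalSubnetOnly = False` is not necessarily ALM's own rule; it is any enabled rule that would let traffic from outside the local subnet reach port 4410/TCP on this host.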
Siemens provides Automation License Manager (ALM) version V5.3 SP3 Update 1 which fixes the vulnerabilities.
Sergey Temnikov and Vladimir Dashchenko, Critical Infrastructure Defence Team and Kaspersky Lab coordinated disclosure of the vulnerabilities.