Siemens Automation License Manager Vulnerabilities

CVEs (3)

Remediations

• Siemens has released ALM Version V5.3 SP3 Update 1, which fixes the vulnerabilities. Siemens strongly recommends users to update to the new version. It can be found on the Siemens web site at the following location: (https://support.industry.siemens.com/cs/ww/en/view/114358)
• Siemens recommends only allowing connections from the local subnet to the ALM default Port 4410/TCP and blocking requests from other networks. These products should only be operated within trusted networks.
• Siemens strongly recommends that users protect network access PC-based automation systems with appropriate mechanisms. Siemens also advises that users configure the operational environment according to Siemens’ operational guidelines for industrial security: (https://www.siemens.com/cert/operational-guidelines-industrial-security)
• For more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security Advisory SSA-284342 at the following location: (http://www.siemens.com/cert/advisories)

Affected Vendors

Affected Products (1)