A research team from the Israeli company Otorio has reported several 0-day vulnerabilities in a Siemens software product, Siemens ALM (Automation License Manager). Many enterprises rely on this tool to manage licenses for various industrial software solutions.
Otorio first notified Siemens of the vulnerabilities last year, emphasizing their seriousness. At the beginning of this year, the researchers described possible attack vectors and stressed the need to fix them. The main concern was that successful exploitation of the vulnerabilities could cause significant damage.
Siemens ALM, although often installed together with other Siemens products, requires separate attention from users. The service runs with SYSTEM privileges and manages licenses on the system. It is reached over TCP port 4410, without mandatory authentication.
One of the key vulnerabilities, CVE-2022-43513, allows attackers to move files on the target machine, which can lead to licensing problems. An even more serious threat is CVE-2022-43514, which allows an attacker to bypass path sanitization and gain SYSTEM-level privileges on the target system.
Exploiting the vulnerabilities can lead to remote code execution through repeated renaming and moving of files. Attackers can replace the ALM service executable and restart the service, effectively taking control of the affected system.
Users are strongly advised to update to the latest version of Automation License Manager. In addition, security measures should be strengthened and Siemens' hardening recommendations followed. Disabling the ALM remote connection option is also recommended.
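One way to verify that the ALM port is no longer reachable from other hosts, as an added example that is not from Otorio or Siemens: it parses English-locale Windows `netstat -ano -p TCP` output and reports sockets on TCP port 4410 that are bound to non-loopback addresses. The sample output, PIDs, addresses and function names are constructed for illustration.

```python
import ipaddress

ALM_PORT = 4410  # TCP port the article gives for the ALM service

# Constructed sample of Windows `netstat -ano -p TCP` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  TCP    0.0.0.0:4410           0.0.0.0:0              LISTENING       3120
  TCP    127.0.0.1:4410         0.0.0.0:0              LISTENING       3120
  TCP    10.20.0.15:4410        10.20.0.77:50122       ESTABLISHED     3120
  TCP    [::]:4410              [::]:0                 LISTENING       3120
  TCP    [::1]:4410             [::]:0                 LISTENING       3120
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and any zone id
    return ipaddress.ip_address(host), int(port)

def audit_alm_exposure(netstat_text, port=ALM_PORT):
    """Return findings for sockets on `port` that other hosts can reach."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].upper() != "TCP":
            continue  # banner, header or blank line
        try:
            local_ip, local_port = split_endpoint(fields[1])
            remote_ip, _ = split_endpoint(fields[2])
        except ValueError:
            continue  # not a parsable address line
        if local_port != port or local_ip.is_loopback:
            continue  # other service, or bound to loopback only
        state, pid = fields[3], fields[4]
        if state == "LISTENING":
            findings.append(("exposed-listener", str(local_ip), pid))
        elif state == "ESTABLISHED":
            findings.append(("remote-session", str(remote_ip), pid))
    return findings

if __name__ == "__main__":
    for kind, addr, pid in audit_alm_exposure(SAMPLE_NETSTAT):
        print(f"{kind}: {addr} (PID {pid})")
```

An empty result means the port is bound to loopback only or is not open; any `exposed-listener` entry means the remote connection option is still in effect on that host.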
The Siemens ALM vulnerabilities are a reminder of the importance of cybersecurity in critical industrial systems. Enterprises using this software need to act quickly to prevent possible exploitation.