Security Experts:

Connect with us

Hi, what are you looking for?



Siemens License Manager Vulnerabilities Allow ICS Hacking

The Siemens Automation License Manager is affected by two serious vulnerabilities that could be chained to hack industrial control systems (ICS).

The Siemens Automation License Manager is affected by two serious vulnerabilities that could be chained to hack industrial control systems (ICS), according to industrial cybersecurity firm Otorio. 

On January 10, Siemens released its first round of Patch Tuesday updates for 2023, addressing a total of 20 vulnerabilities affecting the company’s products. 

One of the six advisories published at the time describes two high-severity security holes discovered by a researcher from Otorio in the Siemens Automation License Manager (ALM), which is designed for centrally managing license keys for Siemens software.

One of the flaws, tracked as CVE-2022-43513, can allow a remote, unauthenticated attacker to rename and move license files as a System user. 

The second issue, CVE-2022-43514, allows a remote, unauthenticated attacker to execute operations on files outside the specified root folder. Chaining the two vulnerabilities can lead to remote code execution, Siemens said.

In a blog post published on Tuesday, Otorio explained that most of Siemens’ software products use the ALM by default for license management. This means the vulnerabilities impact organizations that use one of many Siemens products, including the Simatic PCS 7 historian, the Sicam Device Manager, WinCC, TIA Portal, and the DIGSI engineering tool.

According to Otorio, an attacker who has gained access to the targeted organization’s operational technology (OT) network, even with limited permissions, could exploit the vulnerabilities to fully compromise the OT network.

“For example, the PCS 7 Historian, which is used as a repository for industrial process data, can be used as a ‘bridge’ for an attacker to propagate from the corporate network into the OT network. Once an attacker breaches the Historian server, one can potentially gain access to engineering, control, and monitoring systems,” explained Eran Jacob, research team leader at Otorio. 

“An attack could take place not only from the enterprise network. For example, any compromised station with minimal privileges in the network, such as a thin client computer that has access to one of the Siemens servers, could lead to a full compromise of the network,” Jacob added.

Siemens has released an update that should fix the flaws in ALM 6, but the company currently does not plan on releasing a patch for version 5. Workarounds and mitigations are also available. 

Related: Cybersecurity Experts Cast Doubt on Hackers’ ICS Ransomware Claims

Related: InHand Industrial Router Vulnerabilities Expose Internal OT Networks to Attacks

Related: Unpatchable Hardware Vulnerability Allows Hacking of Siemens PLCs

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...


The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...


Cybersecurity firm Forescout shows how various ICS vulnerabilities can be chained for an exploit that allows hackers to cause damage to a bridge.


Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.


More than 1,300 ICS vulnerabilities were discovered in 2022, including nearly 1,000 that have a high or critical severity rating.

Cybersecurity Funding

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...


Siemens and Schneider Electric address nearly 100 vulnerabilities across several of their products with their February 2023 Patch Tuesday advisories.


Wago has patched critical vulnerabilities that can allow hackers to take complete control of its programmable logic controllers (PLCs).