Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Siemens License Manager Vulnerabilities Allow ICS Hacking

The Siemens Automation License Manager is affected by two serious vulnerabilities that could be chained to hack industrial control systems (ICS).

The Siemens Automation License Manager is affected by two serious vulnerabilities that could be chained to hack industrial control systems (ICS), according to industrial cybersecurity firm Otorio. 

On January 10, Siemens released its first round of Patch Tuesday updates for 2023, addressing a total of 20 vulnerabilities affecting the company’s products. 

One of the six advisories published at the time describes two high-severity security holes discovered by a researcher from Otorio in the Siemens Automation License Manager (ALM), which is designed for centrally managing license keys for Siemens software.

One of the flaws, tracked as CVE-2022-43513, can allow a remote, unauthenticated attacker to rename and move license files as a System user. 

The second issue, CVE-2022-43514, allows a remote, unauthenticated attacker to execute operations on files outside the specified root folder. Chaining the two vulnerabilities can lead to remote code execution, Siemens said.

In a blog post published on Tuesday, Otorio explained that most of Siemens’ software products use the ALM by default for license management. This means the vulnerabilities impact organizations that use one of many Siemens products, including the Simatic PCS 7 historian, the Sicam Device Manager, WinCC, TIA Portal, and the DIGSI engineering tool.

According to Otorio, an attacker who has gained access to the targeted organization’s operational technology (OT) network, even with limited permissions, could exploit the vulnerabilities to fully compromise the OT network.

“For example, the PCS 7 Historian, which is used as a repository for industrial process data, can be used as a ‘bridge’ for an attacker to propagate from the corporate network into the OT network. Once an attacker breaches the Historian server, one can potentially gain access to engineering, control, and monitoring systems,” explained Eran Jacob, research team leader at Otorio. 

Advertisement. Scroll to continue reading.

“An attack could take place not only from the enterprise network. For example, any compromised station with minimal privileges in the network, such as a thin client computer that has access to one of the Siemens servers, could lead to a full compromise of the network,” Jacob added.

Siemens has released an update that should fix the flaws in ALM 6, but the company currently does not plan on releasing a patch for version 5. Workarounds and mitigations are also available. 

Related: Cybersecurity Experts Cast Doubt on Hackers’ ICS Ransomware Claims

Related: InHand Industrial Router Vulnerabilities Expose Internal OT Networks to Attacks

Related: Unpatchable Hardware Vulnerability Allows Hacking of Siemens PLCs

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

ICS/OT

The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

ICS/OT

Wago has patched critical vulnerabilities that can allow hackers to take complete control of its programmable logic controllers (PLCs).

Cybercrime

Energy giants Schneider Electric and Siemens Energy confirm being targeted by the Cl0p ransomware group in the campaign exploiting a MOVEit zero-day.

ICS/OT

Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.

ICS/OT

Municipal Water Authority of Aliquippa in Pennsylvania confirms that hackers took control of a booster station, but says no risk to drinking water or...

ICS/OT

Mandiant's Chief analyst urges critical infrastructure defenders to work on finding and removing traces of Volt Typhoon, a Chinese government-backed hacking team caught in...