
Rewterz Threat Advisory – ICS: Siemens Automation License Manager Vulnerability

Severity

Medium

Analysis Summary

CVE-2021-25659

A vulnerability was identified in the Automation License Manager software that could be triggered by sending specially crafted packets to port 4410/TCP of an affected system. This could lead to extensive memory consumption and cause a denial of service, preventing legitimate users from using the system.

Impact

  • Denial of Service

Affected Vendors

  • Siemens

Affected Products

  • Automation License Manager 5: All versions
  • Automation License Manager 6: All versions < V6.0 SP9

Remediation

Refer to the vendor advisory for the complete list of affected products and their respective patches at:

https://support.industry.siemens.com/cs/document/114358/handling-programs-for-authorizing-or-licensing-simatic-products-(-alm-tia-administrator-authors)?dti=0&lc=en-WW