Locate control system networks and remote devices behind firewalls, and isolate them from the business network.Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.In order to operate the devices in a protected IT environment, Siemens recommends users configure the environment according to Siemens operational guidelines for industrial security and follow the recommendations in the product manuals.Īdditional information on industrial security by Siemens can be found at: įor more information about this issue, please see Siemens Security Advisory SSA-158827ĬISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. If remote connections are needed, limit remote access to Port 4410/TCP to trusted systems only.Īs a general security measure, Siemens strongly recommends users protect network access to devices with appropriate mechanisms.On the Automation License Manager settings menu disable “Allow Remote Connections.”.Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:
#SIEMENS LICENSE MANAGER DOWNLOAD UPDATE#
Sending specially crafted packets to Port 4410/TCP of an affected system could lead to extensive memory consumption and a denial-of-service condition, preventing legitimate users from accessing the system.ĬVE-2021-25659 has been assigned to this vulnerability. Automation License Manager 6: All versions prior to v6.0 SP9 Update 2ģ.2 VULNERABILITY OVERVIEW 3.2.1 UNCONTROLLED RESOURCE CONSUMPTION CWE-400.Automation License Manager 5: All versions.The following versions of Automation License Manager are affected: Successful exploitation of this vulnerability could cause a denial-of-service condition, preventing legitimate users from accessing the system. Vulnerability: Uncontrolled Resource Consumption.