This threat bulletin covers two vulnerabilities, CVE-2022-43513 and CVE-2022-43514, made public by Siemens Automation. They could result in unauthorized access, privilege escalation, and remote code execution, creating an easy bridge for cyber attackers to potentially gain full control over the targeted control system.
Affected services allow license files to be renamed without verification, security, or authentication, rendering them unusable or accessible by unwanted sources.
Actions and/or Recommendations
For those affected, we strongly encourage users to take the following steps to protect their operations:
- Step 1 – Update the ALM services to the latest version (ALM v6.0 SP9 Upd4 or newer).
- Step 2 – Restrict remote access to TCP port 4410.
- Step 3 – Disable remote licensing management via the ALM settings screen unless required.
As these are critical servers inside the OT/ICS environment, it is recommended that this Siemens License manager vulnerability be closed as soon as possible.
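One way to check Step 2 on an ALM host, as an added example that is not part of the original bulletin: this Python script parses Windows `netstat -ano -p TCP` output and reports non-loopback listeners on TCP port 4410 and connected peers outside an allowlist. The sample output, the function names, and the 10.20.30.0/24 management subnet are constructed assumptions.

```python
import ipaddress

ALM_PORT = 4410  # TCP port named in Step 2 of the bulletin

# Constructed sample of Windows `netstat -ano -p TCP` output (not real data).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       980
  TCP    0.0.0.0:4410           0.0.0.0:0              LISTENING       2316
  TCP    10.20.30.5:4410        10.20.30.17:50122      ESTABLISHED     2316
  TCP    10.20.30.5:4410        192.168.77.9:61544     ESTABLISHED     2316
  TCP    127.0.0.1:4410         127.0.0.1:50990        ESTABLISHED     2316
"""


def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4 or bracketed IPv6) into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)


def audit_alm_exposure(netstat_text, allowed_networks):
    """Return (exposed_listeners, unexpected_peers) for TCP port 4410."""
    allowed = [ipaddress.ip_network(n) for n in allowed_networks]
    exposed, unexpected = [], []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "TCP":
            continue  # header, blank, or non-TCP line
        local_ip, local_port = split_endpoint(fields[1])
        if local_port != ALM_PORT:
            continue
        state = fields[3]
        if state == "LISTENING" and not local_ip.is_loopback:
            # Bound to a routable or wildcard address: reachable unless firewalled.
            exposed.append(fields[1])
        elif state == "ESTABLISHED":
            peer_ip, _ = split_endpoint(fields[2])
            if not peer_ip.is_loopback and not any(peer_ip in net for net in allowed):
                unexpected.append(str(peer_ip))
    return exposed, unexpected


if __name__ == "__main__":
    # Assumption: 10.20.30.0/24 is the only subnet allowed to manage licenses.
    listeners, peers = audit_alm_exposure(SAMPLE_NETSTAT, ["10.20.30.0/24"])
    print("Non-loopback listeners on 4410:", listeners)
    print("Peers outside the allowlist:", peers)
```

A non-loopback listener is expected while remote licensing is enabled; the finding to act on is any peer outside the allowlist, or a listener on a host where Step 3 should have disabled remote management.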
About REAL Matters and Mangan Inc.
REAL Matters advisories are published to communicate cybersecurity threats and risks within the Operational Technology (OT) environment and where Critical Infrastructure vulnerabilities are identified. The purpose of this newsletter is to inform, propose suggested approaches to mitigate the risk as well as provide feedback on how Mangan Cybersecurity is approaching the issue(s) addressed.
Mangan Inc. is a nationally-recognized Specialty Engineering, Automation, and Integration company, providing a full-range of services to the Oil & Gas, Refining, Pipeline, Chemicals, and Life Sciences Industries. Established in Long Beach, California in 1990, Mangan’s multiple office locations include sites in California, Georgia, New Hampshire, North Carolina, Texas, and Louisiana. Mangan’s 350+ employee-owners bring expertise, innovation, and safety as their core mission to some of the largest companies in the world.