The industrial cybersecurity firm Otorio has discovered two serious vulnerabilities in the Siemens Automation License Manager (ALM) that could be used to hack industrial control systems. On January 10, Siemens released a patch to address 20 vulnerabilities affecting its products, including the two high-severity security holes in the ALM.

The first vulnerability, CVE-2022-43513, allows a remote, unauthenticated attacker to rename and move license files as a System user. The second vulnerability, CVE-2022-43514, allows a remote, unauthenticated attacker to execute operations on files outside the specified root folder. Chained together, the two vulnerabilities could lead to remote code execution.

The ALM is used by many Siemens products, including the Simatic PCS 7 historian, the Sicam Device Manager, WinCC, TIA Portal, and the DIGSI engineering tool. An attacker with access to the targeted organization's operational technology (OT) network, even with limited permissions, could exploit the vulnerabilities to gain full control of the OT network. The PCS 7 Historian, which is used to store industrial process data, could serve as a bridge for an attacker to spread from the corporate network to the OT network. An attack could also originate from a compromised station with minimal privileges in the network, such as a thin client computer that has access to one of the Siemens servers.

Siemens has released an update to fix the flaws in ALM 6, but it does not plan to release a patch for version 5.
This Cyber News was published on www.securityweek.com. Publication date: Wed, 08 Feb 2023 17:22:03 +0000