Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:
Automation License Manager 6: Update to v6.0 SP9 Update 2 or later. Siemens recommends users apply the following updates to mitigate this vulnerability: Siemens reported this vulnerability to CISA. CRITICAL INFRASTRUCTURE SECTORS: Multiple. A CVSS v3 base score of 5.9 has been calculated the CVSS vector string is ( AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). Sending specially crafted packets to Port 4410/TCP of an affected system could lead to extensive memory consumption and a denial-of-service condition, preventing legitimate users from accessing the system.ĬVE-2021-25659 has been assigned to this vulnerability. Automation License Manager 6: All versions prior to v6.0 SP9 Update 2ģ.2 VULNERABILITY OVERVIEW 3.2.1 UNCONTROLLED RESOURCE CONSUMPTION CWE-400. Automation License Manager 5: All versions. 
The following versions of Automation License Manager are affected: Successful exploitation of this vulnerability could cause a denial-of-service condition, preventing legitimate users from accessing the system.
Vulnerability: Uncontrolled Resource Consumption.
0 kommentar(er)
