Siemens Automation License Manager

🗓️ 10 Sep 2024 00:00:00Reported by Industrial Control Systems Cyber Emergency Response TeamType

Siemens Automation License Manager vulnerability requires update to V6.2 Upd3 or later version. Remote access to port 4410/tcp must be limited to trusted systems onl

Reporter	Title	Published	Views	Family All 11
BDU FSTEC	The vulnerability of the Automation License Manager software, related to integer overflow, allows a perpetrator to trigger a service failure.	13 Nov 202400:00	–	bdu_fstec
Circl	CVE-2024-44087	10 Sep 202413:23	–	circl
CNNVD	Siemens Automation License Manager 输入验证错误漏洞	10 Sep 202400:00	–	cnnvd
CNVD	Siemens Automation License Manager Denial of Service Vulnerability	12 Sep 202400:00	–	cnvd
CVE	CVE-2024-44087	10 Sep 202409:36	–	cve
Cvelist	CVE-2024-44087	10 Sep 202409:36	–	cvelist
EUVD	EUVD-2024-40855	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in Siemens products	10 Sep 202418:20	–	ncsc
NVD	CVE-2024-44087	10 Sep 202410:15	–	nvd
RedhatCVE	CVE-2024-44087	4 Feb 202522:48	–	redhatcve

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/csaf/ssa-103653.json
cert-portal	www.cert-portal.siemens.com/productcert/html/ssa-103653.html
raw	www.raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-256-06.json
cisa	www.cisa.gov/news-events/ics-advisories/icsa-24-256-06
cisa	www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
cisa	www.cisa.gov/resources-tools/resources/ics-recommended-practices
cisa	www.cisa.gov/topics/industrial-control-systems
us-cert	www.us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
cisa	www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf
cisa	www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B

10 Sep 2024 00:00Current

7.7High risk

Vulners AI Score7.7

CVSS 3.18.6

CVSS 49.2

EPSS0.13789

SSVC