In order to operate the devices in a protected IT environment, Siemens recommends users configure the environment according to Siemens operational guidelines for industrial security and follow the recommendations in the product manuals.Ĭlick here for additional information on industrial security by Siemens.įor more information about this issue, click on Siemens Security Advisory SSA-158827. If remote connections are needed, limit remote access to Port 4410/TCP to trusted systems onlyĪs a general security measure, Siemens recommends users protect network access to devices with appropriate mechanisms.On the Automation License Manager settings menu disable “Allow Remote Connections”.Siemens has workarounds and mitigations users can apply to reduce the risk: The setup package generally installs about 15 files and is usually. Siemens recommends users apply the following updates to mitigate this vulnerability: Automation License Manager 6: Update to v6.0 SP9 Update 2 or later. Siemens Automation License Manager V4.0 + SP2 is a software program developed by Siemens. This vulnerability has a high attack complexity. No known public exploits specifically target this vulnerability. The product sees use in multiple industrial sectors, and on a global basis.
CVE-2021-25659 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.9.
0 kommentar(er)
