Detections
Analytics

Siemens Automation License Manager 5.x < 6.0 SP9 Upd4 Multiple Vulnerabilities (SSA-476715)

critical Nessus Plugin ID 170026

Synopsis

The remote host has software installed that is affected by multiple vulnerabilities.

Description

The version of Siemens Automation License Manager installed on the remote host is version 5.x prior to 6.0 SP9 Upd4. It is, therefore, affected by multiple vulnerabilities.

 - A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4). The affected components allow to rename license files with user chosen input without authentication. This could allow an unauthenticated remote attacker to rename and move files as SYSTEM user. (CVE-2022-43513)

 - A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4). The affected component does not correctly validate the root path on folder related operations, allowing to modify files and folders outside the intended root directory. This could allow an unauthenticated remote attacker to execute file operations of files outside of the specified root folder. Chained with CVE-2022-43513 this could allow Remote Code Execution.
 (CVE-2022-43514)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Siemens Automation License Manager 6.0+SP9+Upd4 (6.0.9) or later.

See Also

http://www.nessus.org/u?8c48b210

http://www.nessus.org/u?5e480cbf

Plugin Details

Severity: Critical

ID: 170026

File Name: scada_siemens_alm_ssa_476715.nbin

Version: 1.21

Type: local

Agent: windows

Family: SCADA

Published: 1/13/2023

Updated: 4/23/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-43514

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:siemens:automation_license_manager

Required KB Items: SMB/Registry/Enumerated, installed_sw/Siemens Automation License Manager

Exploit Ease: No known exploits are available

Patch Publication Date: 1/10/2023

Vulnerability Publication Date: 1/10/2023

Reference Information

CVE: CVE-2022-43513, CVE-2022-43514

IAVB: 2023-B-0003