CVE-2024-44087: 
Siemens Automation License Manager vulnerability analysis and mitigation

A vulnerability (CVE-2024-44087) has been identified in Siemens Automation License Manager (ALM), a software that centrally manages license keys for various Siemens software products. The vulnerability affects Automation License Manager V5 (All versions), V6.0 (All versions), and V6.2 (versions < V6.2 Upd3). The issue was discovered in June 2024 and publicly disclosed on September 10, 2024 (Siemens Advisory).

The vulnerability stems from improper validation of certain fields in incoming network packets on port 4410/tcp. When exploited, it can cause an integer overflow in the almsrv64x.exe process. The vulnerability has received a CVSS v3.1 Base Score of 8.6 (HIGH) with vector AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H and a CVSS v4.0 Base Score of 9.2 (CRITICAL) with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H. The vulnerability is classified as CWE-190: Integer Overflow or Wraparound (Tenable Research).

When successfully exploited, this vulnerability can cause a denial of service condition by crashing the application. This prevents legitimate users from using subsequent products that rely on the affected application for license verification (Siemens Advisory).

Siemens has released version V6.2 Upd3 as a fix for Automation License Manager V6.2. For systems where fixes are not available (V5 and V6.0), Siemens recommends two specific mitigations: 1) Disable 'Allow Remote Connections' in the Automation License Manager settings menu, or 2) If remote connections are needed, limit remote access to port 4410/tcp to trusted systems only (Siemens Advisory).