{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A vulnerability was identified in the Automation License Manager software that could be triggered by sending specially crafted packets to port\n4410/tcp of an affected system. This could cause a denial-of-service preventing legitimate users from using the system.\n\nSiemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "productcert@siemens.com",
      "name": "Siemens ProductCERT",
      "namespace": "https://www.siemens.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-103653: Denial-of-Service Vulnerability in Automation License Manager - HTML Version",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-103653.html"
      },
      {
        "category": "self",
        "summary": "SSA-103653: Denial-of-Service Vulnerability in Automation License Manager - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-103653.json"
      }
    ],
    "title": "SSA-103653: Denial-of-Service Vulnerability in Automation License Manager",
    "tracking": {
      "current_release_date": "2025-05-13T00:00:00Z",
      "generator": {
        "engine": {
          "name": "Siemens ProductCERT CSAF Generator",
          "version": "1"
        }
      },
      "id": "SSA-103653",
      "initial_release_date": "2024-09-10T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-09-10T00:00:00Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        },
        {
          "date": "2025-05-13T00:00:00Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Added fix for Automation License Manager V6.0"
        }
      ],
      "status": "interim",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Automation License Manager V5",
                  "product_id": "1"
                }
              }
            ],
            "category": "product_name",
            "name": "Automation License Manager V5"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "All versions < V6.0 SP12 Upd3",
                "product": {
                  "name": "Automation License Manager V6.0",
                  "product_id": "2"
                }
              }
            ],
            "category": "product_name",
            "name": "Automation License Manager V6.0"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "All versions < V6.2 Upd3",
                "product": {
                  "name": "Automation License Manager V6.2",
                  "product_id": "3"
                }
              }
            ],
            "category": "product_name",
            "name": "Automation License Manager V6.2"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-44087",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Affected applications do not properly validate certain fields in incoming network packets on port 4410/tcp. This could allow an unauthenticated remote attacker to cause an integer overflow and crash of the application. This denial of service condition could prevent legitimate users from using subsequent products that rely on the affected application for license verification.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "On the Automation License Manager settings menu disable \"Allow Remote Connections\"",
          "product_ids": [
            "1",
            "2",
            "3"
          ]
        },
        {
          "category": "mitigation",
          "details": "If remote connections are needed, limit remote access to port 4410/tcp to trusted systems only",
          "product_ids": [
            "1",
            "2",
            "3"
          ]
        },
        {
          "category": "no_fix_planned",
          "details": "Currently no fix is planned",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V6.0 SP12 Upd3 or later version",
          "product_ids": [
            "2"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/114358/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V6.2 Upd3 or later version",
          "product_ids": [
            "3"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/114358/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3"
          ]
        }
      ],
      "title": "CVE-2024-44087"
    }
  ]
}