Siemens Automation License Manager (ICSA-20-224-07) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on an improper authorization vulnerability in Siemens Automation License Manager. For Automation License Manager 5, all versions are affected. For Automation License Manager 6, all versions prior to v6.0.8 are affected. Successful exploitation of this vulnerability could allow an attacker to locally escalate privileges and modify files that should be protected against writing. For Automation Manager 5, Siemens recommends users disable access to drives which have licenses installed, for non-administrator users. For Automation Manager 6, Siemens recommends users update to v6.0.8 or later. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.