According to industrial cybersecurity company Otorio, the Siemens Automation License Manager has two critical flaws that could be combined to compromise industrial control systems (ICS).
The first batch of Siemens’ Patch Tuesday updates for 2023 were made available on January 10 and addressed a total of 20 vulnerabilities affecting the company’s products. The Siemens Automation License Manager (ALM), which is intended for centrally managing license keys for Siemens software, has two high-severity security holes that were found by a researcher from Otorio, according to one of the six advisories that were published at the time.
A remote, unauthenticated attacker may be able to rename and move license files while logged in as the System user thanks to one of the flaws, tracked as CVE-2022-43513.
Read More: Siemens License Manager Vulnerabilities Allow ICS Hacking
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.