![]() In a blog post published on Tuesday, Otorio explained that most of Siemens’ software products use the ALM by default for license management. Chaining the two vulnerabilities can lead to remote code execution, Siemens said. The second issue, CVE-2022-43514, allows a remote, unauthenticated attacker to execute operations on files outside the specified root folder. ![]() One of the flaws, tracked as CVE-2022-43513, can allow a remote, unauthenticated attacker to rename and move license files as a System user. ![]() One of the six advisories published at the time describes two high-severity security holes discovered by a researcher from Otorio in the Siemens Automation License Manager (ALM), which is designed for centrally managing license keys for Siemens software. On January 10, Siemens released its first round of Patch Tuesday updates for 2023, addressing a total of 20 vulnerabilities affecting the company’s products. The Siemens Automation License Manager is affected by two serious vulnerabilities that could be chained to hack industrial control systems (ICS), according to industrial cybersecurity firm Otorio.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |