PatchSiren cyber security CVE debrief
CVE-2024-44087 Siemens CVE debrief
CVE-2024-44087 is a high-severity vulnerability in Siemens Automation License Manager affecting versions V5, V6.0, and V6.2. The flaw involves improper validation of certain fields in incoming network packets on TCP port 4410, which can be exploited by an unauthenticated remote attacker to trigger an integer overflow and crash the application. This denial-of-service condition can prevent legitimate users from accessing products that rely on the affected application for license verification. The vulnerability was published on September 10, 2024, and last modified on May 13, 2025, when fix information was added for version 6.0. Siemens has provided vendor fixes for V6.0 and V6.2, but no fix is planned for the end-of-life V5 version.
- Vendor
- Siemens
- Product
- Automation License Manager V5
- CVSS
- HIGH 8.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-09-10
- Original CVE updated
- 2025-05-13
- Advisory published
- 2024-09-10
- Advisory updated
- 2025-05-13
Who should care
Organizations running Siemens Automation License Manager V5, V6.0, or V6.2 in industrial environments, particularly those with remote access enabled on TCP port 4410. Critical infrastructure operators and manufacturing facilities relying on license verification for production systems face operational risk from this unauthenticated remote denial-of-service vulnerability.
Technical summary
The vulnerability exists in the network packet processing logic of Siemens Automation License Manager on TCP port 4410. Insufficient validation of packet fields allows an integer overflow condition that crashes the application. The attack requires no authentication and can be executed remotely with low complexity. Successful exploitation results in denial of service, impacting license verification for dependent products. The CVSS v3.1 score of 8.6 reflects high availability impact with scope change due to downstream effects on licensed products.
Defensive priority
HIGH
Recommended defensive actions
- Disable remote connections in Automation License Manager settings if not required
- If remote connections are necessary, restrict TCP port 4410 access to trusted systems only using host-based firewall rules or network segmentation
- For Automation License Manager V6.0, update to V6.0 SP12 Upd3 or later version
- For Automation License Manager V6.2, update to V6.2 Upd3 or later version
- For Automation License Manager V5, consider upgrading to a supported version as no fix is planned for this end-of-life release
- Monitor for unexpected crashes of the Automation License Manager service that could indicate exploitation attempts
- Implement network monitoring for anomalous traffic to TCP port 4410 from untrusted sources
Evidence notes
Vulnerability description and affected products confirmed through CISA CSAF advisory ICSA-24-256-06. CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H indicates network-exploitable, low-complexity attack with no privileges required, resulting in high availability impact with scope change. Remediation guidance includes disabling remote connections or restricting port 4410/tcp access to trusted systems as mitigations, with specific vendor fixes available for supported versions.
Official resources
-
CVE-2024-44087 CVE record
CVE.org
-
CVE-2024-44087 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-09-10