×
Siemens Industry Online Support
Siemens AG
Entry type: Product note Entry ID: 57252401, Entry date: 12/19/2011
(1)
Rate

Security update of the Automation License Manager (ALM)

  • Entry
  • Associated product(s)

Important security improvements have been included in Version 5.1 SP 1 Update 3 of the Automation License Manager (ALM). This update should therefore be installed as soon as possible.

   

Security-relevant vulnerabilities have been found in older versions of the ALM (>= V4.0) which can adversely affect the availability of the licensing service in the event of deliberate manipulation. In certain situations there might be a risk of foreign programming code being executed in the event of a targeted attack.  

If an older ALM version is in use, we therefore recommend installing the update of the Automation License Manager at the earliest opportunity. The update can be downloaded at the following link:
Entry ID 114358

If updating the ALM is currently - or generally - not possible, the following protective measures should be reviewed and implemented accordingly:

  • Restricting or blocking ALM communication (standard port 4410/TCP) at network boundaries to or between production areas by means of suitable security measures such as firewalls.
  • Deactivating remote access to the ALM service with systems that do not operate as license servers (e.g. providing floating licenses for other systems). This option can be found in the ALM settings in the "Connection" register.
  • Avoid opening websites from unknown or untrustworthy sources using the Internet Explorer.

You can find more security measures as well as general information on the subject of industrial security at  www.siemens.com/industrialsecurity 

 

 

Security information
In order to protect technical infrastructures, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art IT security concept. Siemens’ products and solutions constitute one element of such a concept. For more information about cyber security, please visit
http://www.siemens.com/industrialsecurity.