Vulnerabilites related to siemens - automation_license_manager
Vulnerability from fkie_nvd
Published
2012-01-08 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted content in a (1) get_target_ocx_param or (2) send_target_ocx_param command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | automation_license_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:automation_license_manager:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1FAAF066-5BCA-4368-94D6-EA4E5E9954EB",
"versionEndIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted content in a (1) get_target_ocx_param or (2) send_target_ocx_param command."
},
{
"lang": "es",
"value": "Siemens Automation License Manager (ALM) 4.0 hasta la versi\u00f3n 5.1+SP1+Upd1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (resoluci\u00f3n de puntero NULL y ca\u00edda del demonio) a trav\u00e9s de contenido modificado en el comando (1) get_target_ocx_param o (2) send_target_ocx_param."
}
],
"id": "CVE-2011-4531",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-01-08T20:55:01.280",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/almsrvx_1-adv.txt"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll\u0026objId=57252401\u0026objAction=csView\u0026nodeid0=17323948\u0026lang=en\u0026siteid=cseus\u0026aktprim=0\u0026extranet=standard\u0026viewreg=WW\u0026load=content"
},
{
"source": "cret@cert.org",
"url": "http://support.automation.siemens.com/WW/view/en/114358"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/almsrvx_1-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll\u0026objId=57252401\u0026objAction=csView\u0026nodeid0=17323948\u0026lang=en\u0026siteid=cseus\u0026aktprim=0\u0026extranet=standard\u0026viewreg=WW\u0026load=content"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.automation.siemens.com/WW/view/en/114358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdf"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-10 11:15
Modified
2024-11-21 05:55
Severity ?
Summary
A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0 SP9 Update 2). Sending specially crafted packets to port 4410/tcp of an affected system could lead to extensive memory being consumed and as such could cause a denial-of-service preventing legitimate users from using the system.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-158827.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-158827.pdf | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | automation_license_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:automation_license_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A50000DB-874D-4AF7-BE1C-4F51715CC477",
"versionEndExcluding": "6.0.9",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions \u003c V6.0 SP9 Update 2). Sending specially crafted packets to port 4410/tcp of an affected system could lead to extensive memory being consumed and as such could cause a denial-of-service preventing legitimate users from using the system."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Automation License Manager 5 (Todas las versiones), Automation License Manager 6 (Todas las versiones anteriores a V6.0 SP9 Update 2). El env\u00edo de paquetes especialmente dise\u00f1ados al puerto 4410/tcp de un sistema afectado podr\u00eda conllevar a un gran consumo de memoria y, por tanto, podr\u00eda causar una denegaci\u00f3n de servicio que impidiera a usuarios leg\u00edtimos usar el sistema"
}
],
"id": "CVE-2021-25659",
"lastModified": "2024-11-21T05:55:14.180",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-10T11:15:08.180",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-158827.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-158827.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-01-08 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple buffer overflows in Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allow remote attackers to execute arbitrary code via a long serialid field in an _licensekey command, as demonstrated by the (1) check_licensekey or (2) read_licensekey command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | automation_license_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:automation_license_manager:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1FAAF066-5BCA-4368-94D6-EA4E5E9954EB",
"versionEndIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allow remote attackers to execute arbitrary code via a long serialid field in an _licensekey command, as demonstrated by the (1) check_licensekey or (2) read_licensekey command."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de buffer en Siemens Automation License Manager (ALM) 4.0 hasta la 5.1+SP1+Upd1 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un campo serialid extenso en un comando _licensekey, tal como se ha demostrado en el comando (1) check_licensekey o (2) read_licensekey."
}
],
"id": "CVE-2011-4529",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-01-08T20:55:01.187",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/almsrvx_1-adv.txt"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll\u0026objId=57252401\u0026objAction=csView\u0026nodeid0=17323948\u0026lang=en\u0026siteid=cseus\u0026aktprim=0\u0026extranet=standard\u0026viewreg=WW\u0026load=content"
},
{
"source": "cret@cert.org",
"url": "http://support.automation.siemens.com/WW/view/en/114358"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/almsrvx_1-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll\u0026objId=57252401\u0026objAction=csView\u0026nodeid0=17323948\u0026lang=en\u0026siteid=cseus\u0026aktprim=0\u0026extranet=standard\u0026viewreg=WW\u0026load=content"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.automation.siemens.com/WW/view/en/114358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdf"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-01-08 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 does not properly copy fields obtained from clients, which allows remote attackers to cause a denial of service (exception and daemon crash) via long fields, as demonstrated by fields to the (1) open_session->workstation->NAME or (2) grant->VERSION function.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | automation_license_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:automation_license_manager:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1FAAF066-5BCA-4368-94D6-EA4E5E9954EB",
"versionEndIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 does not properly copy fields obtained from clients, which allows remote attackers to cause a denial of service (exception and daemon crash) via long fields, as demonstrated by fields to the (1) open_session-\u003eworkstation-\u003eNAME or (2) grant-\u003eVERSION function."
},
{
"lang": "es",
"value": "Siemens Automation License Manager (ALM) 4.0 hasta la versi\u00f3n 5.1+SP1+Upd1 no copia apropiadamente campos obtenidos de clientes, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (excepci\u00f3n y ca\u00edda del demonio) a trav\u00e9s de campos extensos, como se ha demostrado con campos de la funci\u00f3n (1) open_session-\u003eworkstation-\u003eNAME o (2) grant-\u003eVERSION."
}
],
"id": "CVE-2011-4530",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-01-08T20:55:01.233",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/almsrvx_1-adv.txt"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll\u0026objId=57252401\u0026objAction=csView\u0026nodeid0=17323948\u0026lang=en\u0026siteid=cseus\u0026aktprim=0\u0026extranet=standard\u0026viewreg=WW\u0026load=content"
},
{
"source": "cret@cert.org",
"url": "http://support.automation.siemens.com/WW/view/en/114358"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/almsrvx_1-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll\u0026objId=57252401\u0026objAction=csView\u0026nodeid0=17323948\u0026lang=en\u0026siteid=cseus\u0026aktprim=0\u0026extranet=standard\u0026viewreg=WW\u0026load=content"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.automation.siemens.com/WW/view/en/114358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdf"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-07 15:29
Modified
2024-11-21 03:43
Severity ?
Summary
A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4). An attacker with network access to the device could send specially crafted network packets to determine whether or not a network port on another remote system is accessible or not. This allows the attacker to do basic network scanning using the victims machine. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges, no user interaction is required. The impact is limited to determining whether or not a port on a target system is accessible by the affected device.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | http://www.securityfocus.com/bid/105114 | Third Party Advisory, VDB Entry | |
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105114 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdf | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | automation_license_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:automation_license_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2FC27DF2-B9E3-4551-892B-1668B2CA63D7",
"versionEndExcluding": "5.3.4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Automation License Manager 5 (All versions \u003c 5.3.4.4). An attacker with network access to the device could send specially crafted network packets to determine whether or not a network port on another remote system is accessible or not. This allows the attacker to do basic network scanning using the victims machine. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges, no user interaction is required. The impact is limited to determining whether or not a port on a target system is accessible by the affected device."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Automation License Manager 5 (todas las versiones anteriores a la 5.3.4.4). Un atacante con acceso en red al dispositivo podr\u00eda enviar paquetes de red especialmente manipulados para determinar si se puede acceder a un puerto de red en otro sistema remoto. Esto permite que el atacante realice un escaneo de red b\u00e1sico mediante la m\u00e1quina de la v\u00edctima. Su explotaci\u00f3n con \u00e9xito requiere de una conexi\u00f3n de red al dispositivo afectado. El atacante no necesita privilegios y tampoco se requiere interacci\u00f3n del usuario. El impacto est\u00e1 limitado a si el dispositivo afectado puede acceder a un puerto del sistema objetivo."
}
],
"id": "CVE-2018-11456",
"lastModified": "2024-11-21T03:43:24.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-07T15:29:00.607",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105114"
},
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-01-08 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
Absolute path traversal vulnerability in the ALMListView.ALMListCtrl ActiveX control in almaxcx.dll in the graphical user interface in Siemens Automation License Manager (ALM) 2.0 through 5.1+SP1+Upd2 allows remote attackers to overwrite arbitrary files via the Save method.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | automation_license_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:automation_license_manager:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1FAAF066-5BCA-4368-94D6-EA4E5E9954EB",
"versionEndIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Absolute path traversal vulnerability in the ALMListView.ALMListCtrl ActiveX control in almaxcx.dll in the graphical user interface in Siemens Automation License Manager (ALM) 2.0 through 5.1+SP1+Upd2 allows remote attackers to overwrite arbitrary files via the Save method."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio absoluto en el control ActiveX ALMListView.ALMListCtrl de almaxcx.dll del interfaz gr\u00e1fico de usuario de Siemens Automation License Manager (ALM) 2.0 hasta la 5.1+SP1+Upd2 permite a atacantes remotos sobreescribir archivos arbitrarios a trav\u00e9s del m\u00e9todo \"Save\"."
}
],
"id": "CVE-2011-4532",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-01-08T20:55:01.343",
"references": [
{
"source": "cret@cert.org",
"url": "http://aluigi.altervista.org/adv/almsrvx_1-adv.txt"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll\u0026objId=57252401\u0026objAction=csView\u0026nodeid0=17323948\u0026lang=en\u0026siteid=cseus\u0026aktprim=0\u0026extranet=standard\u0026viewreg=WW\u0026load=content"
},
{
"source": "cret@cert.org",
"url": "http://support.automation.siemens.com/WW/view/en/114358"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://aluigi.altervista.org/adv/almsrvx_1-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll\u0026objId=57252401\u0026objAction=csView\u0026nodeid0=17323948\u0026lang=en\u0026siteid=cseus\u0026aktprim=0\u0026extranet=standard\u0026viewreg=WW\u0026load=content"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.automation.siemens.com/WW/view/en/114358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdf"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-07 15:29
Modified
2024-11-21 03:43
Severity ?
Summary
A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4), Automation License Manager 6 (All versions < 6.0.1). A directory traversal vulnerability could allow a remote attacker to move arbitrary files, which can result in code execution, compromising confidentiality, integrity and availability of the system. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges or special conditions of the system, but user interaction is required.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | http://www.securityfocus.com/bid/105114 | Third Party Advisory, VDB Entry | |
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105114 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdf | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | automation_license_manager | * | |
| siemens | automation_license_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:automation_license_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77C00B70-5281-47EE-A86D-B891FB9DEF7B",
"versionEndExcluding": "5.3.4.4",
"versionStartExcluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:automation_license_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED104AAE-CD92-45C2-9B59-CD5CBA85B99F",
"versionEndExcluding": "6.0.1",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Automation License Manager 5 (All versions \u003c 5.3.4.4), Automation License Manager 6 (All versions \u003c 6.0.1). A directory traversal vulnerability could allow a remote attacker to move arbitrary files, which can result in code execution, compromising confidentiality, integrity and availability of the system. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges or special conditions of the system, but user interaction is required."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Automation License Manager 5 (todas las versiones anteriores a la 5.3.4.4) y Automation License Manager 6 (todas las versiones anteriores a la 6.0.1). Una vulnerabilidad de salto de directorio podr\u00eda permitir que un atacante remoto mueva archivos arbitrarios, lo que podr\u00eda resultar en la ejecuci\u00f3n de c\u00f3digo, comprometiendo as\u00ed la confidencialidad, integridad y disponibilidad del sistema. Su explotaci\u00f3n con \u00e9xito requiere de una conexi\u00f3n de red al dispositivo afectado. El atacante no necesita privilegios o condiciones especiales del sistema, pero se requiere interacci\u00f3n del usuario."
}
],
"id": "CVE-2018-11455",
"lastModified": "2024-11-21T03:43:24.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-07T15:29:00.497",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105114"
},
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-14 16:15
Modified
2024-11-21 05:37
Severity ?
Summary
A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0.8). The application does not properly validate the users' privileges when executing some operations, which could allow a user with low permissions to arbitrary modify files that should be protected against writing.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-388646.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-388646.pdf | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | automation_license_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:automation_license_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41EB5114-158B-4672-9688-3F312EEC9940",
"versionEndExcluding": "6.0.8",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions \u003c V6.0.8). The application does not properly validate the users\u0027 privileges when executing some operations, which could allow a user with low permissions to arbitrary modify files that should be protected against writing."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido identificada en Automation License Manager 5 (Todas las versiones), Automation License Manager 6 (Todas las versiones anteriores a V6.0.8). La aplicaci\u00f3n no comprueba apropiadamente los privilegios de los usuarios cuando ejecutan algunas operaciones, lo que podr\u00eda permitir a un usuario con pocos permisos modificar arbitrariamente archivos que deber\u00edan estar protegidos contra escritura."
}
],
"id": "CVE-2020-7583",
"lastModified": "2024-11-21T05:37:25.093",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-14T16:15:17.727",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-388646.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-388646.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-10 12:15
Modified
2024-11-21 07:26
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4), TeleControl Server Basic V3 (All versions < V3.1.2). The affected components allow to rename license files with user chosen input without authentication.
This could allow an unauthenticated remote attacker to rename and move files as SYSTEM user.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | automation_license_manager | 5.0.0 | |
| siemens | automation_license_manager | 5.1 | |
| siemens | automation_license_manager | 5.1 | |
| siemens | automation_license_manager | 5.2 | |
| siemens | automation_license_manager | 5.3 | |
| siemens | automation_license_manager | 5.3 | |
| siemens | automation_license_manager | 5.3.4.4 | |
| siemens | automation_license_manager | 6.0 | |
| siemens | automation_license_manager | 6.0.1 | |
| siemens | automation_license_manager | 6.0.8 | |
| siemens | automation_license_manager | 6.0.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:automation_license_manager:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "57DAB83B-D831-4DB8-A4BA-110B49EE2696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:automation_license_manager:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B0233F2E-C041-40D5-AB8F-F6C379924615",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:automation_license_manager:5.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "CDA04752-6735-4BBF-B5B2-801055CEB3F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:automation_license_manager:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8C899294-1A84-4462-A4FC-37AAC939A3E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:automation_license_manager:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DD772F21-BC75-4DBA-948B-ED73ED3594F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:automation_license_manager:5.3:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7825B35F-204E-43A6-9CE3-087CEBB63F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:automation_license_manager:5.3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F1424C77-4F58-4392-9DF0-880FF03EF5E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:automation_license_manager:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F9947563-20B4-4FB5-88AE-54D47FA397DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:automation_license_manager:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A717A185-083A-49A1-B5E3-E6D678643916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:automation_license_manager:6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "206F9776-74CB-4CFA-A92E-63C739FA8771",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:automation_license_manager:6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FA349550-EA76-4C27-B681-1846C977EE8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions \u003c V6.0 SP9 Upd4), TeleControl Server Basic V3 (All versions \u003c V3.1.2). The affected components allow to rename license files with user chosen input without authentication.\r\nThis could allow an unauthenticated remote attacker to rename and move files as SYSTEM user."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Automation License Manager V5 (todas las versiones), Automation License Manager V6 (todas las versiones \u0026lt; V6.0 SP9 Upd4). Los componentes afectados permiten cambiar el nombre de los archivos de licencia con la entrada elegida por el usuario sin autenticaci\u00f3n. Esto podr\u00eda permitir que un atacante remoto no autenticado cambie el nombre y mueva archivos como usuario de SYSTEM."
}
],
"id": "CVE-2022-43513",
"lastModified": "2024-11-21T07:26:40.527",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-10T12:15:23.207",
"references": [
{
"source": "productcert@siemens.com",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-476715.html"
},
{
"source": "productcert@siemens.com",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-556635.html"
},
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-476715.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-476715.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-556635.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-476715.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-73"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-610"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-12-18 12:30
Modified
2025-04-11 00:51
Severity ?
Summary
Memory leak in Siemens Automation License Manager (ALM) 4.x and 5.x before 5.2 allows remote attackers to cause a denial of service (memory consumption) via crafted packets.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | automation_license_manager | 4.0 | |
| siemens | automation_license_manager | 5.0 | |
| siemens | automation_license_manager | 5.1 | |
| siemens | automation_license_manager | 5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:automation_license_manager:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C78FACDA-A891-44F8-8D7A-C1D5F4D25668",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:automation_license_manager:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "246E11D3-ED40-439C-B682-755516D698FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:automation_license_manager:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B0233F2E-C041-40D5-AB8F-F6C379924615",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:automation_license_manager:5.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "CDA04752-6735-4BBF-B5B2-801055CEB3F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Memory leak in Siemens Automation License Manager (ALM) 4.x and 5.x before 5.2 allows remote attackers to cause a denial of service (memory consumption) via crafted packets."
},
{
"lang": "es",
"value": "Fuga de memoria en Siemens Automation License Manager (ALM) v4.x y v5.x antes de v5.2, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de paquetes manipulados."
}
],
"evaluatorImpact": "Per: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-783261.pdf\r\n\r\n\"The attacker must have access to the local subnet where ALM is located. During installation, the default setting of the Windows firewall is to block the port used by ALM for all networks except the local subnet. If this setting has not been changed by the administrator, these vulnerabilities cannot be exploited from remote networks. Additionally, communication to this port should be blocked at network borders using appropriate security measures like firewalls.\"",
"id": "CVE-2012-4691",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-12-18T12:30:05.810",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-783261.pdf"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-349-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-783261.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-349-01.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-10-13 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | automation_license_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:automation_license_manager:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "E3DB7794-0888-499C-A14A-3F42119A59DA",
"versionEndIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets."
},
{
"lang": "es",
"value": "Siemens Automation License Manager (ALM) en versiones anteriores a 5.3 SP3 permite a atacantes remotos escribir en archivos, renombrar archivos, crear directorios o eliminar directorios a trav\u00e9s de paquetes manipulados."
}
],
"id": "CVE-2016-8565",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-10-13T10:59:05.613",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93553"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1037011"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284342.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93553"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284342.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-02"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-10-13 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to cause a denial of service (ALM service outage) via crafted packets to TCP port 4410.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | automation_license_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:automation_license_manager:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "E3DB7794-0888-499C-A14A-3F42119A59DA",
"versionEndIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to cause a denial of service (ALM service outage) via crafted packets to TCP port 4410."
},
{
"lang": "es",
"value": "Siemens Automation License Manager (ALM) en versiones anteriores a 5.3 SP3 Update 1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (interrupci\u00f3n del servicio ALM) a trav\u00e9s de paquetes manipulados al puerto TCP 4410."
}
],
"id": "CVE-2016-8563",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-10-13T10:59:03.190",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93553"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1037011"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284342.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93553"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284342.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-02"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-10-13 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
SQL injection vulnerability in Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to execute arbitrary SQL commands via crafted traffic to TCP port 4410.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | automation_license_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:automation_license_manager:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "E3DB7794-0888-499C-A14A-3F42119A59DA",
"versionEndIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to execute arbitrary SQL commands via crafted traffic to TCP port 4410."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Siemens Automation License Manager (ALM) en versiones anteriores a 5.3 SP3 Update 1 permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de manipulado al puerto TCP 4410."
}
],
"id": "CVE-2016-8564",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-10-13T10:59:04.253",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93553"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1037011"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284342.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93553"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284342.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-02"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-10 12:15
Modified
2024-11-21 07:26
Severity ?
7.7 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4), TeleControl Server Basic V3 (All versions < V3.1.2). The affected component does not correctly validate the root path on folder related operations, allowing to modify files and folders outside the intended root directory.
This could allow an unauthenticated remote attacker to execute file operations of files outside of the specified root folder. Chained with CVE-2022-43513 this could allow Remote Code Execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | automation_license_manager | 5.0.0 | |
| siemens | automation_license_manager | 5.1 | |
| siemens | automation_license_manager | 5.1 | |
| siemens | automation_license_manager | 5.2 | |
| siemens | automation_license_manager | 5.3 | |
| siemens | automation_license_manager | 5.3 | |
| siemens | automation_license_manager | 5.3.4.4 | |
| siemens | automation_license_manager | 6.0 | |
| siemens | automation_license_manager | 6.0.1 | |
| siemens | automation_license_manager | 6.0.8 | |
| siemens | automation_license_manager | 6.0.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:automation_license_manager:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "57DAB83B-D831-4DB8-A4BA-110B49EE2696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:automation_license_manager:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B0233F2E-C041-40D5-AB8F-F6C379924615",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:automation_license_manager:5.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "CDA04752-6735-4BBF-B5B2-801055CEB3F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:automation_license_manager:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8C899294-1A84-4462-A4FC-37AAC939A3E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:automation_license_manager:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DD772F21-BC75-4DBA-948B-ED73ED3594F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:automation_license_manager:5.3:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7825B35F-204E-43A6-9CE3-087CEBB63F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:automation_license_manager:5.3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F1424C77-4F58-4392-9DF0-880FF03EF5E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:automation_license_manager:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F9947563-20B4-4FB5-88AE-54D47FA397DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:automation_license_manager:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A717A185-083A-49A1-B5E3-E6D678643916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:automation_license_manager:6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "206F9776-74CB-4CFA-A92E-63C739FA8771",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:automation_license_manager:6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FA349550-EA76-4C27-B681-1846C977EE8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions \u003c V6.0 SP9 Upd4), TeleControl Server Basic V3 (All versions \u003c V3.1.2). The affected component does not correctly validate the root path on folder related operations, allowing to modify files and folders outside the intended root directory.\r\nThis could allow an unauthenticated remote attacker to execute file operations of files outside of the specified root folder. Chained with CVE-2022-43513 this could allow Remote Code Execution."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Automation License Manager V5 (todas las versiones), Automation License Manager V6 (todas las versiones "
}
],
"id": "CVE-2022-43514",
"lastModified": "2024-11-21T07:26:40.713",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.5,
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-10T12:15:23.277",
"references": [
{
"source": "productcert@siemens.com",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-476715.html"
},
{
"source": "productcert@siemens.com",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-556635.html"
},
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-476715.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-476715.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-556635.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-476715.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "productcert@siemens.com",
"type": "Primary"
}
]
}
CVE-2021-25659 (GCVE-0-2021-25659)
Vulnerability from cvelistv5
Published
2021-08-10 10:35
Modified
2024-08-03 20:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Summary
A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0 SP9 Update 2). Sending specially crafted packets to port 4410/tcp of an affected system could lead to extensive memory being consumed and as such could cause a denial-of-service preventing legitimate users from using the system.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Siemens | Automation License Manager 5 |
Version: All versions |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-158827.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Automation License Manager 5",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "Automation License Manager 6",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.0 SP9 Update 2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions \u003c V6.0 SP9 Update 2). Sending specially crafted packets to port 4410/tcp of an affected system could lead to extensive memory being consumed and as such could cause a denial-of-service preventing legitimate users from using the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-10T10:35:25",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-158827.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-25659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Automation License Manager 5",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Automation License Manager 6",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V6.0 SP9 Update 2"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions \u003c V6.0 SP9 Update 2). Sending specially crafted packets to port 4410/tcp of an affected system could lead to extensive memory being consumed and as such could cause a denial-of-service preventing legitimate users from using the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-158827.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-158827.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-25659",
"datePublished": "2021-08-10T10:35:25",
"dateReserved": "2021-01-21T00:00:00",
"dateUpdated": "2024-08-03T20:11:27.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4532 (GCVE-0-2011-4532)
Vulnerability from cvelistv5
Published
2012-01-08 20:00
Modified
2024-09-17 02:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Absolute path traversal vulnerability in the ALMListView.ALMListCtrl ActiveX control in almaxcx.dll in the graphical user interface in Siemens Automation License Manager (ALM) 2.0 through 5.1+SP1+Upd2 allows remote attackers to overwrite arbitrary files via the Save method.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.768Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.automation.siemens.com/WW/view/en/114358"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/almsrvx_1-adv.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll\u0026objId=57252401\u0026objAction=csView\u0026nodeid0=17323948\u0026lang=en\u0026siteid=cseus\u0026aktprim=0\u0026extranet=standard\u0026viewreg=WW\u0026load=content"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Absolute path traversal vulnerability in the ALMListView.ALMListCtrl ActiveX control in almaxcx.dll in the graphical user interface in Siemens Automation License Manager (ALM) 2.0 through 5.1+SP1+Upd2 allows remote attackers to overwrite arbitrary files via the Save method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-01-08T20:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.automation.siemens.com/WW/view/en/114358"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/almsrvx_1-adv.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll\u0026objId=57252401\u0026objAction=csView\u0026nodeid0=17323948\u0026lang=en\u0026siteid=cseus\u0026aktprim=0\u0026extranet=standard\u0026viewreg=WW\u0026load=content"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4532",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute path traversal vulnerability in the ALMListView.ALMListCtrl ActiveX control in almaxcx.dll in the graphical user interface in Siemens Automation License Manager (ALM) 2.0 through 5.1+SP1+Upd2 allows remote attackers to overwrite arbitrary files via the Save method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.automation.siemens.com/WW/view/en/114358",
"refsource": "CONFIRM",
"url": "http://support.automation.siemens.com/WW/view/en/114358"
},
{
"name": "http://aluigi.altervista.org/adv/almsrvx_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/almsrvx_1-adv.txt"
},
{
"name": "http://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll\u0026objId=57252401\u0026objAction=csView\u0026nodeid0=17323948\u0026lang=en\u0026siteid=cseus\u0026aktprim=0\u0026extranet=standard\u0026viewreg=WW\u0026load=content",
"refsource": "CONFIRM",
"url": "http://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll\u0026objId=57252401\u0026objAction=csView\u0026nodeid0=17323948\u0026lang=en\u0026siteid=cseus\u0026aktprim=0\u0026extranet=standard\u0026viewreg=WW\u0026load=content"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4532",
"datePublished": "2012-01-08T20:00:00Z",
"dateReserved": "2011-11-22T00:00:00Z",
"dateUpdated": "2024-09-17T02:11:52.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11456 (GCVE-0-2018-11456)
Vulnerability from cvelistv5
Published
2018-08-07 15:00
Modified
2024-08-05 08:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control
Summary
A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4). An attacker with network access to the device could send specially crafted network packets to determine whether or not a network port on another remote system is accessible or not. This allows the attacker to do basic network scanning using the victims machine. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges, no user interaction is required. The impact is limited to determining whether or not a port on a target system is accessible by the affected device.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Siemens AG | Automation License Manager 5 |
Version: Automation License Manager 5 : All versions < 5.3.4.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:10:14.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105114",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105114"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Automation License Manager 5",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "Automation License Manager 5 : All versions \u003c 5.3.4.4"
}
]
}
],
"datePublic": "2018-08-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Automation License Manager 5 (All versions \u003c 5.3.4.4). An attacker with network access to the device could send specially crafted network packets to determine whether or not a network port on another remote system is accessible or not. This allows the attacker to do basic network scanning using the victims machine. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges, no user interaction is required. The impact is limited to determining whether or not a port on a target system is accessible by the affected device."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-21T09:57:01",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"name": "105114",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105114"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-11456",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Automation License Manager 5",
"version": {
"version_data": [
{
"version_value": "Automation License Manager 5 : All versions \u003c 5.3.4.4"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Automation License Manager 5 (All versions \u003c 5.3.4.4). An attacker with network access to the device could send specially crafted network packets to determine whether or not a network port on another remote system is accessible or not. This allows the attacker to do basic network scanning using the victims machine. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges, no user interaction is required. The impact is limited to determining whether or not a port on a target system is accessible by the affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105114",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105114"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2018-11456",
"datePublished": "2018-08-07T15:00:00",
"dateReserved": "2018-05-25T00:00:00",
"dateUpdated": "2024-08-05T08:10:14.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8564 (GCVE-0-2016-8564)
Vulnerability from cvelistv5
Published
2016-10-13 10:00
Modified
2024-08-06 02:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to execute arbitrary SQL commands via crafted traffic to TCP port 4410.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:41.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-02"
},
{
"name": "1037011",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037011"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284342.pdf"
},
{
"name": "93553",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93553"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to execute arbitrary SQL commands via crafted traffic to TCP port 4410."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-02"
},
{
"name": "1037011",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037011"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284342.pdf"
},
{
"name": "93553",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93553"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8564",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to execute arbitrary SQL commands via crafted traffic to TCP port 4410."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-02"
},
{
"name": "1037011",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037011"
},
{
"name": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284342.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284342.pdf"
},
{
"name": "93553",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93553"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-8564",
"datePublished": "2016-10-13T10:00:00",
"dateReserved": "2016-10-07T00:00:00",
"dateUpdated": "2024-08-06T02:27:41.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4691 (GCVE-0-2012-4691)
Vulnerability from cvelistv5
Published
2012-12-18 11:00
Modified
2025-05-23 18:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Memory leak in Siemens Automation License Manager (ALM) 4.x and 5.x before 5.2 allows remote attackers to cause a denial of service (memory consumption) via crafted packets.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:42:55.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-349-01.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-783261.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory leak in Siemens Automation License Manager (ALM) 4.x and 5.x before 5.2 allows remote attackers to cause a denial of service (memory consumption) via crafted packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T18:26:19.054Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-349-01.pdf"
},
{
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-783261.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-4691",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in Siemens Automation License Manager (ALM) 4.x and 5.x before 5.2 allows remote attackers to cause a denial of service (memory consumption) via crafted packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-349-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-349-01.pdf"
},
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-783261.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-783261.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2012-4691",
"datePublished": "2012-12-18T11:00:00.000Z",
"dateReserved": "2012-08-28T00:00:00.000Z",
"dateUpdated": "2025-05-23T18:26:19.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11455 (GCVE-0-2018-11455)
Vulnerability from cvelistv5
Published
2018-08-07 15:00
Modified
2024-08-05 08:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4), Automation License Manager 6 (All versions < 6.0.1). A directory traversal vulnerability could allow a remote attacker to move arbitrary files, which can result in code execution, compromising confidentiality, integrity and availability of the system. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges or special conditions of the system, but user interaction is required.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Siemens AG | Automation License Manager 5, Automation License Manager 6 |
Version: Automation License Manager 5 : All versions < 5.3.4.4 Version: Automation License Manager 6 : All versions < 6.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:10:14.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105114",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105114"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Automation License Manager 5, Automation License Manager 6",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "Automation License Manager 5 : All versions \u003c 5.3.4.4"
},
{
"status": "affected",
"version": "Automation License Manager 6 : All versions \u003c 6.0.1"
}
]
}
],
"datePublic": "2018-08-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Automation License Manager 5 (All versions \u003c 5.3.4.4), Automation License Manager 6 (All versions \u003c 6.0.1). A directory traversal vulnerability could allow a remote attacker to move arbitrary files, which can result in code execution, compromising confidentiality, integrity and availability of the system. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges or special conditions of the system, but user interaction is required."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-21T09:57:01",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"name": "105114",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105114"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-11455",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Automation License Manager 5, Automation License Manager 6",
"version": {
"version_data": [
{
"version_value": "Automation License Manager 5 : All versions \u003c 5.3.4.4"
},
{
"version_value": "Automation License Manager 6 : All versions \u003c 6.0.1"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Automation License Manager 5 (All versions \u003c 5.3.4.4), Automation License Manager 6 (All versions \u003c 6.0.1). A directory traversal vulnerability could allow a remote attacker to move arbitrary files, which can result in code execution, compromising confidentiality, integrity and availability of the system. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges or special conditions of the system, but user interaction is required."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105114",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105114"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2018-11455",
"datePublished": "2018-08-07T15:00:00",
"dateReserved": "2018-05-25T00:00:00",
"dateUpdated": "2024-08-05T08:10:14.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4530 (GCVE-0-2011-4530)
Vulnerability from cvelistv5
Published
2012-01-08 20:00
Modified
2024-09-16 17:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 does not properly copy fields obtained from clients, which allows remote attackers to cause a denial of service (exception and daemon crash) via long fields, as demonstrated by fields to the (1) open_session->workstation->NAME or (2) grant->VERSION function.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.762Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.automation.siemens.com/WW/view/en/114358"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/almsrvx_1-adv.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll\u0026objId=57252401\u0026objAction=csView\u0026nodeid0=17323948\u0026lang=en\u0026siteid=cseus\u0026aktprim=0\u0026extranet=standard\u0026viewreg=WW\u0026load=content"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 does not properly copy fields obtained from clients, which allows remote attackers to cause a denial of service (exception and daemon crash) via long fields, as demonstrated by fields to the (1) open_session-\u003eworkstation-\u003eNAME or (2) grant-\u003eVERSION function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-01-08T20:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.automation.siemens.com/WW/view/en/114358"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/almsrvx_1-adv.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll\u0026objId=57252401\u0026objAction=csView\u0026nodeid0=17323948\u0026lang=en\u0026siteid=cseus\u0026aktprim=0\u0026extranet=standard\u0026viewreg=WW\u0026load=content"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 does not properly copy fields obtained from clients, which allows remote attackers to cause a denial of service (exception and daemon crash) via long fields, as demonstrated by fields to the (1) open_session-\u003eworkstation-\u003eNAME or (2) grant-\u003eVERSION function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.automation.siemens.com/WW/view/en/114358",
"refsource": "CONFIRM",
"url": "http://support.automation.siemens.com/WW/view/en/114358"
},
{
"name": "http://aluigi.altervista.org/adv/almsrvx_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/almsrvx_1-adv.txt"
},
{
"name": "http://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll\u0026objId=57252401\u0026objAction=csView\u0026nodeid0=17323948\u0026lang=en\u0026siteid=cseus\u0026aktprim=0\u0026extranet=standard\u0026viewreg=WW\u0026load=content",
"refsource": "CONFIRM",
"url": "http://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll\u0026objId=57252401\u0026objAction=csView\u0026nodeid0=17323948\u0026lang=en\u0026siteid=cseus\u0026aktprim=0\u0026extranet=standard\u0026viewreg=WW\u0026load=content"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4530",
"datePublished": "2012-01-08T20:00:00Z",
"dateReserved": "2011-11-22T00:00:00Z",
"dateUpdated": "2024-09-16T17:15:01.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4531 (GCVE-0-2011-4531)
Vulnerability from cvelistv5
Published
2012-01-08 20:00
Modified
2024-09-17 02:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted content in a (1) get_target_ocx_param or (2) send_target_ocx_param command.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.872Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.automation.siemens.com/WW/view/en/114358"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/almsrvx_1-adv.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll\u0026objId=57252401\u0026objAction=csView\u0026nodeid0=17323948\u0026lang=en\u0026siteid=cseus\u0026aktprim=0\u0026extranet=standard\u0026viewreg=WW\u0026load=content"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted content in a (1) get_target_ocx_param or (2) send_target_ocx_param command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-01-08T20:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.automation.siemens.com/WW/view/en/114358"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/almsrvx_1-adv.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll\u0026objId=57252401\u0026objAction=csView\u0026nodeid0=17323948\u0026lang=en\u0026siteid=cseus\u0026aktprim=0\u0026extranet=standard\u0026viewreg=WW\u0026load=content"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4531",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted content in a (1) get_target_ocx_param or (2) send_target_ocx_param command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.automation.siemens.com/WW/view/en/114358",
"refsource": "CONFIRM",
"url": "http://support.automation.siemens.com/WW/view/en/114358"
},
{
"name": "http://aluigi.altervista.org/adv/almsrvx_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/almsrvx_1-adv.txt"
},
{
"name": "http://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll\u0026objId=57252401\u0026objAction=csView\u0026nodeid0=17323948\u0026lang=en\u0026siteid=cseus\u0026aktprim=0\u0026extranet=standard\u0026viewreg=WW\u0026load=content",
"refsource": "CONFIRM",
"url": "http://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll\u0026objId=57252401\u0026objAction=csView\u0026nodeid0=17323948\u0026lang=en\u0026siteid=cseus\u0026aktprim=0\u0026extranet=standard\u0026viewreg=WW\u0026load=content"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4531",
"datePublished": "2012-01-08T20:00:00Z",
"dateReserved": "2011-11-22T00:00:00Z",
"dateUpdated": "2024-09-17T02:36:36.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7583 (GCVE-0-2020-7583)
Vulnerability from cvelistv5
Published
2020-08-14 15:24
Modified
2024-08-04 09:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-285 - Improper Authorization
Summary
A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0.8). The application does not properly validate the users' privileges when executing some operations, which could allow a user with low permissions to arbitrary modify files that should be protected against writing.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Siemens AG | Automation License Manager 5 |
Version: All versions |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.886Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-388646.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Automation License Manager 5",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "Automation License Manager 6",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.0.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions \u003c V6.0.8). The application does not properly validate the users\u0027 privileges when executing some operations, which could allow a user with low permissions to arbitrary modify files that should be protected against writing."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-14T15:24:06",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-388646.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-7583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Automation License Manager 5",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Automation License Manager 6",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V6.0.8"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions \u003c V6.0.8). The application does not properly validate the users\u0027 privileges when executing some operations, which could allow a user with low permissions to arbitrary modify files that should be protected against writing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-388646.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-388646.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2020-7583",
"datePublished": "2020-08-14T15:24:06",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.886Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8563 (GCVE-0-2016-8563)
Vulnerability from cvelistv5
Published
2016-10-13 10:00
Modified
2024-08-06 02:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to cause a denial of service (ALM service outage) via crafted packets to TCP port 4410.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:40.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-02"
},
{
"name": "1037011",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037011"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284342.pdf"
},
{
"name": "93553",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93553"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to cause a denial of service (ALM service outage) via crafted packets to TCP port 4410."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-02"
},
{
"name": "1037011",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037011"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284342.pdf"
},
{
"name": "93553",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93553"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to cause a denial of service (ALM service outage) via crafted packets to TCP port 4410."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-02"
},
{
"name": "1037011",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037011"
},
{
"name": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284342.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284342.pdf"
},
{
"name": "93553",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93553"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-8563",
"datePublished": "2016-10-13T10:00:00",
"dateReserved": "2016-10-07T00:00:00",
"dateUpdated": "2024-08-06T02:27:40.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4529 (GCVE-0-2011-4529)
Vulnerability from cvelistv5
Published
2012-01-08 20:00
Modified
2024-09-17 01:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple buffer overflows in Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allow remote attackers to execute arbitrary code via a long serialid field in an _licensekey command, as demonstrated by the (1) check_licensekey or (2) read_licensekey command.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.automation.siemens.com/WW/view/en/114358"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/almsrvx_1-adv.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll\u0026objId=57252401\u0026objAction=csView\u0026nodeid0=17323948\u0026lang=en\u0026siteid=cseus\u0026aktprim=0\u0026extranet=standard\u0026viewreg=WW\u0026load=content"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allow remote attackers to execute arbitrary code via a long serialid field in an _licensekey command, as demonstrated by the (1) check_licensekey or (2) read_licensekey command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-01-08T20:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.automation.siemens.com/WW/view/en/114358"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/almsrvx_1-adv.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll\u0026objId=57252401\u0026objAction=csView\u0026nodeid0=17323948\u0026lang=en\u0026siteid=cseus\u0026aktprim=0\u0026extranet=standard\u0026viewreg=WW\u0026load=content"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allow remote attackers to execute arbitrary code via a long serialid field in an _licensekey command, as demonstrated by the (1) check_licensekey or (2) read_licensekey command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.automation.siemens.com/WW/view/en/114358",
"refsource": "CONFIRM",
"url": "http://support.automation.siemens.com/WW/view/en/114358"
},
{
"name": "http://aluigi.altervista.org/adv/almsrvx_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/almsrvx_1-adv.txt"
},
{
"name": "http://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll\u0026objId=57252401\u0026objAction=csView\u0026nodeid0=17323948\u0026lang=en\u0026siteid=cseus\u0026aktprim=0\u0026extranet=standard\u0026viewreg=WW\u0026load=content",
"refsource": "CONFIRM",
"url": "http://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll\u0026objId=57252401\u0026objAction=csView\u0026nodeid0=17323948\u0026lang=en\u0026siteid=cseus\u0026aktprim=0\u0026extranet=standard\u0026viewreg=WW\u0026load=content"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4529",
"datePublished": "2012-01-08T20:00:00Z",
"dateReserved": "2011-11-22T00:00:00Z",
"dateUpdated": "2024-09-17T01:46:10.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43513 (GCVE-0-2022-43513)
Vulnerability from cvelistv5
Published
2023-01-10 11:39
Modified
2025-04-09 14:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-73 - External Control of File Name or Path
Summary
A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4), TeleControl Server Basic V3 (All versions < V3.1.2). The affected components allow to rename license files with user chosen input without authentication.
This could allow an unauthenticated remote attacker to rename and move files as SYSTEM user.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Siemens | Automation License Manager V5 |
Version: 0 < * |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:59.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-476715.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-476715.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-556635.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43513",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T14:05:09.779623Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T14:05:21.922Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Automation License Manager V5",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Automation License Manager V6",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.0 SP9 Upd4"
}
]
},
{
"defaultStatus": "unknown",
"product": "TeleControl Server Basic V3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions \u003c V6.0 SP9 Upd4), TeleControl Server Basic V3 (All versions \u003c V3.1.2). The affected components allow to rename license files with user chosen input without authentication.\r\nThis could allow an unauthenticated remote attacker to rename and move files as SYSTEM user."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73: External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-09T08:34:28.633Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-476715.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-476715.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-556635.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-43513",
"datePublished": "2023-01-10T11:39:38.879Z",
"dateReserved": "2022-10-19T13:06:48.747Z",
"dateUpdated": "2025-04-09T14:05:21.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43514 (GCVE-0-2022-43514)
Vulnerability from cvelistv5
Published
2023-01-10 11:39
Modified
2025-04-09 15:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4), TeleControl Server Basic V3 (All versions < V3.1.2). The affected component does not correctly validate the root path on folder related operations, allowing to modify files and folders outside the intended root directory.
This could allow an unauthenticated remote attacker to execute file operations of files outside of the specified root folder. Chained with CVE-2022-43513 this could allow Remote Code Execution.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Siemens | Automation License Manager V5 |
Version: 0 < * |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:59.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-476715.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-476715.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-556635.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43514",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T15:20:34.523521Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T15:20:46.056Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Automation License Manager V5",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Automation License Manager V6",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.0 SP9 Upd4"
}
]
},
{
"defaultStatus": "unknown",
"product": "TeleControl Server Basic V3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions \u003c V6.0 SP9 Upd4), TeleControl Server Basic V3 (All versions \u003c V3.1.2). The affected component does not correctly validate the root path on folder related operations, allowing to modify files and folders outside the intended root directory.\r\nThis could allow an unauthenticated remote attacker to execute file operations of files outside of the specified root folder. Chained with CVE-2022-43513 this could allow Remote Code Execution."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-09T08:34:30.153Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-476715.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-476715.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-556635.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-43514",
"datePublished": "2023-01-10T11:39:39.909Z",
"dateReserved": "2022-10-19T13:06:48.747Z",
"dateUpdated": "2025-04-09T15:20:46.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8565 (GCVE-0-2016-8565)
Vulnerability from cvelistv5
Published
2016-10-13 10:00
Modified
2024-08-06 02:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:40.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-02"
},
{
"name": "1037011",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037011"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284342.pdf"
},
{
"name": "93553",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93553"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-02"
},
{
"name": "1037011",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037011"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284342.pdf"
},
{
"name": "93553",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93553"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-02"
},
{
"name": "1037011",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037011"
},
{
"name": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284342.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284342.pdf"
},
{
"name": "93553",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93553"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-8565",
"datePublished": "2016-10-13T10:00:00",
"dateReserved": "2016-10-07T00:00:00",
"dateUpdated": "2024-08-06T02:27:40.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}