Vulnerability Description
Multiple buffer overflows in Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allow remote attackers to execute arbitrary code via a long serialid field in an _licensekey command, as demonstrated by the (1) check_licensekey or (2) read_licensekey command.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Automation License Manager | <= 5.1 |
Related Weaknesses (CWE)
References
- http://aluigi.altervista.org/adv/almsrvx_1-adv.txtExploit
- http://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll&objId=5725Vendor Advisory
- http://support.automation.siemens.com/WW/view/en/114358
- http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdfUS Government Resource
- http://aluigi.altervista.org/adv/almsrvx_1-adv.txtExploit
- http://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll&objId=5725Vendor Advisory
- http://support.automation.siemens.com/WW/view/en/114358
- http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdfUS Government Resource
FAQ
What is CVE-2011-4529?
CVE-2011-4529 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple buffer overflows in Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allow remote attackers to execute arbitrary code via a long serialid field in an _licensekey command, as ...
How severe is CVE-2011-4529?
CVE-2011-4529 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-4529?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Automation License Manager.