Vulnerability Description
Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 does not properly copy fields obtained from clients, which allows remote attackers to cause a denial of service (exception and daemon crash) via long fields, as demonstrated by fields to the (1) open_session->workstation->NAME or (2) grant->VERSION function.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Automation License Manager | <= 5.1 |
Related Weaknesses (CWE)
References
- http://aluigi.altervista.org/adv/almsrvx_1-adv.txtExploit
- http://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll&objId=5725Vendor Advisory
- http://support.automation.siemens.com/WW/view/en/114358
- http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdfUS Government Resource
- http://aluigi.altervista.org/adv/almsrvx_1-adv.txtExploit
- http://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll&objId=5725Vendor Advisory
- http://support.automation.siemens.com/WW/view/en/114358
- http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdfUS Government Resource
FAQ
What is CVE-2011-4530?
CVE-2011-4530 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 does not properly copy fields obtained from clients, which allows remote attackers to cause a denial of service (exception and daemon ...
How severe is CVE-2011-4530?
CVE-2011-4530 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-4530?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Automation License Manager.