Vulnerability Description
Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted content in a (1) get_target_ocx_param or (2) send_target_ocx_param command.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Automation License Manager | <= 5.1 |
Related Weaknesses (CWE)
References
- http://aluigi.altervista.org/adv/almsrvx_1-adv.txtExploit
- http://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll&objId=5725Vendor Advisory
- http://support.automation.siemens.com/WW/view/en/114358
- http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdfUS Government Resource
- http://aluigi.altervista.org/adv/almsrvx_1-adv.txtExploit
- http://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll&objId=5725Vendor Advisory
- http://support.automation.siemens.com/WW/view/en/114358
- http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdfUS Government Resource
FAQ
What is CVE-2011-4531?
CVE-2011-4531 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted content in a (1) get_targ...
How severe is CVE-2011-4531?
CVE-2011-4531 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-4531?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Automation License Manager.