Vulnerability Description
Absolute path traversal vulnerability in the ALMListView.ALMListCtrl ActiveX control in almaxcx.dll in the graphical user interface in Siemens Automation License Manager (ALM) 2.0 through 5.1+SP1+Upd2 allows remote attackers to overwrite arbitrary files via the Save method.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Automation License Manager | <= 5.1 |
Related Weaknesses (CWE)
References
- http://aluigi.altervista.org/adv/almsrvx_1-adv.txt
- http://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll&objId=5725Vendor Advisory
- http://support.automation.siemens.com/WW/view/en/114358
- http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdfUS Government Resource
- http://aluigi.altervista.org/adv/almsrvx_1-adv.txt
- http://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll&objId=5725Vendor Advisory
- http://support.automation.siemens.com/WW/view/en/114358
- http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdfUS Government Resource
FAQ
What is CVE-2011-4532?
CVE-2011-4532 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Absolute path traversal vulnerability in the ALMListView.ALMListCtrl ActiveX control in almaxcx.dll in the graphical user interface in Siemens Automation License Manager (ALM) 2.0 through 5.1+SP1+Upd2...
How severe is CVE-2011-4532?
CVE-2011-4532 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-4532?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Automation License Manager.