Vulnerability Description
A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4), Automation License Manager 6 (All versions < 6.0.1). A directory traversal vulnerability could allow a remote attacker to move arbitrary files, which can result in code execution, compromising confidentiality, integrity and availability of the system. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges or special conditions of the system, but user interaction is required.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Automation License Manager | < 5.3.4.4 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/105114Third Party AdvisoryVDB Entry
- https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdfVendor Advisory
- http://www.securityfocus.com/bid/105114Third Party AdvisoryVDB Entry
- https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdfVendor Advisory
FAQ
What is CVE-2018-11455?
CVE-2018-11455 is a vulnerability with a CVSS score of 8.8 (HIGH). A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4), Automation License Manager 6 (All versions < 6.0.1). A directory traversal vulnerability could allow a rem...
How severe is CVE-2018-11455?
CVE-2018-11455 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-11455?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Automation License Manager.