Vulnerability Description
A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4). An attacker with network access to the device could send specially crafted network packets to determine whether or not a network port on another remote system is accessible or not. This allows the attacker to do basic network scanning using the victims machine. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges, no user interaction is required. The impact is limited to determining whether or not a port on a target system is accessible by the affected device.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Automation License Manager | < 5.3.4.4 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/105114Third Party AdvisoryVDB Entry
- https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdfVendor Advisory
- http://www.securityfocus.com/bid/105114Third Party AdvisoryVDB Entry
- https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdfVendor Advisory
FAQ
What is CVE-2018-11456?
CVE-2018-11456 is a vulnerability with a CVSS score of 5.8 (MEDIUM). A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4). An attacker with network access to the device could send specially crafted network packets to determine wh...
How severe is CVE-2018-11456?
CVE-2018-11456 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-11456?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Automation License Manager.