Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-4529

CWE-119 — Buffer Overflow4 documents4 sources

Severity

7.5HIGH

EPSS

14.9%

top 5.45%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Siemens Automation License Manager

Timeline

PublishedJan 8

Latest updateMay 17

Description

Multiple buffer overflows in Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allow remote attackers to execute arbitrary code via a long serialid field in an _licensekey command, as demonstrated by the (1) check_licensekey or (2) read_licensekey command.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDsiemens/automation_license_manager5.1

🔴Vulnerability Details

GHSA

GHSA-5f2r-rx93-xgcp: Multiple buffer overflows in Siemens Automation License Manager (ALM) 4↗2022-05-17

▶

CVEList

CVE-2011-4529: Multiple buffer overflows in Siemens Automation License Manager (ALM) 4↗2012-01-08

▶

💥Exploits & PoCs

Exploit-DB

siemens automation license manager 500.0.122.1 - Multiple Vulnerabilities↗2011-11-28

▶