Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-4530

CWE-20Improper Input Validation4 documents4 sources
Severity
5.0MEDIUM
EPSS
11.7%
top 6.33%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Siemens Automation License Manager
Timeline
PublishedJan 8
Latest updateMay 17

Description

Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 does not properly copy fields obtained from clients, which allows remote attackers to cause a denial of service (exception and daemon crash) via long fields, as demonstrated by fields to the (1) open_session->workstation->NAME or (2) grant->VERSION function.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-9wc8-4g2q-8xv5: Siemens Automation License Manager (ALM) 42022-05-17
CVEList
CVE-2011-4530: Siemens Automation License Manager (ALM) 42012-01-08

💥Exploits & PoCs

1
Exploit-DB
siemens automation license manager 500.0.122.1 - Multiple Vulnerabilities2011-11-28
CVE-2011-4530 (MEDIUM CVSS 5) | Siemens Automation License Manager | cvebase.io