CVE-2011-4530
published 2012-01-08CVE-2011-4530: Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 does not properly copy fields obtained from clients, which allows remote attackers to cause a…
PriorityP425medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
4.44%
90.2th percentile
Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 does not properly copy fields obtained from clients, which allows remote attackers to cause a denial of service (exception and daemon crash) via long fields, as demonstrated by fields to the (1) open_session->workstation->NAME or (2) grant->VERSION function.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | automation_license_manager | <= 5.1 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-9wc8-4g2q-8xv5: Siemens Automation License Manager (ALM) 4
ghsa_unreviewed·2022-05-17
CVE-2011-4530 [MEDIUM] CWE-20 GHSA-9wc8-4g2q-8xv5: Siemens Automation License Manager (ALM) 4
Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 does not properly copy fields obtained from clients, which allows remote attackers to cause a denial of service (exception and daemon crash) via long fields, as demonstrated by fields to the (1) open_session->workstation->NAME or (2) grant->VERSION function.
CISA ICS
Siemens Automation License Manager Vulnerabilities
cisa_ics·2011-12-02
Siemens Automation License Manager Vulnerabilities
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens Automation License Manager Vulnerabilities
Last RevisedSeptember 06, 2018
Alert CodeICSA-11-361-01
## Overview
This Advisory is a follow-up to the original Alert titled “ICS-ALERT-11-332-01A—Siemens Automation License Manager Vulnerabilities” that was published December 02, 2011, on the ICS-CERT web page.
ICS-CERT is aware of publicly disclosed reports of four vulnerabilities in Siemens Automation License Manager (ALM) application. These vulnerabilities include:
- Buffer overflow
- Exception
- Null pointer
- Improper input validation.
Independent researcher Luigi A
No detection rules found.
No writeups or analysis indexed.
http://aluigi.altervista.org/adv/almsrvx_1-adv.txthttp://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll&objId=57252401&objAction=csView&nodeid0=17323948&lang=en&siteid=cseus&aktprim=0&extranet=standard&viewreg=WW&load=contenthttp://support.automation.siemens.com/WW/view/en/114358http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdfhttp://aluigi.altervista.org/adv/almsrvx_1-adv.txthttp://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll&objId=57252401&objAction=csView&nodeid0=17323948&lang=en&siteid=cseus&aktprim=0&extranet=standard&viewreg=WW&load=contenthttp://support.automation.siemens.com/WW/view/en/114358http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdf
2012-01-08
Published