CVE-2011-4531
published 2012-01-08CVE-2011-4531: Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon…
PriorityP429medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
8.88%
94.6th percentile
Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted content in a (1) get_target_ocx_param or (2) send_target_ocx_param command.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | automation_license_manager | <= 5.1 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-px66-m46c-vmhx: Siemens Automation License Manager (ALM) 4
ghsa_unreviewed·2022-05-17
CVE-2011-4531 [MEDIUM] CWE-20 GHSA-px66-m46c-vmhx: Siemens Automation License Manager (ALM) 4
Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted content in a (1) get_target_ocx_param or (2) send_target_ocx_param command.
CISA ICS
Siemens Automation License Manager Vulnerabilities
cisa_ics·2011-12-02
Siemens Automation License Manager Vulnerabilities
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens Automation License Manager Vulnerabilities
Last RevisedSeptember 06, 2018
Alert CodeICSA-11-361-01
## Overview
This Advisory is a follow-up to the original Alert titled “ICS-ALERT-11-332-01A—Siemens Automation License Manager Vulnerabilities” that was published December 02, 2011, on the ICS-CERT web page.
ICS-CERT is aware of publicly disclosed reports of four vulnerabilities in Siemens Automation License Manager (ALM) application. These vulnerabilities include:
- Buffer overflow
- Exception
- Null pointer
- Improper input validation.
Independent researcher Luigi A
No detection rules found.
No writeups or analysis indexed.
http://aluigi.altervista.org/adv/almsrvx_1-adv.txthttp://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll&objId=57252401&objAction=csView&nodeid0=17323948&lang=en&siteid=cseus&aktprim=0&extranet=standard&viewreg=WW&load=contenthttp://support.automation.siemens.com/WW/view/en/114358http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdfhttp://aluigi.altervista.org/adv/almsrvx_1-adv.txthttp://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll&objId=57252401&objAction=csView&nodeid0=17323948&lang=en&siteid=cseus&aktprim=0&extranet=standard&viewreg=WW&load=contenthttp://support.automation.siemens.com/WW/view/en/114358http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdf
2012-01-08
Published