CVE-2011-4532
Published 2012-01-08
Priority: P432, medium; CVSS 2.0 score: 5
CVSS vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 3.58% (87.9th percentile)
Absolute path traversal vulnerability in the ALMListView.ALMListCtrl ActiveX control in almaxcx.dll in the graphical user interface in Siemens Automation License Manager (ALM) 2.0 through 5.1+SP1+Upd2 allows remote attackers to overwrite arbitrary files via the Save method.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | automation_license_manager | <= 5.1 | — |
CISA ICS
Siemens Automation License Manager Vulnerabilities
cisa_ics·2011-12-02
ICS Advisory
## Siemens Automation License Manager Vulnerabilities
Last Revised: September 06, 2018
Alert Code: ICSA-11-361-01
## Overview
This Advisory is a follow-up to the original Alert titled “ICS-ALERT-11-332-01A—Siemens Automation License Manager Vulnerabilities” that was published December 02, 2011, on the ICS-CERT web page.
ICS-CERT is aware of publicly disclosed reports of four vulnerabilities in the Siemens Automation License Manager (ALM) application. These vulnerabilities include:
- Buffer overflow
- Exception
- Null pointer
- Improper input validation.
Independent researcher Luigi A
GHSA
GHSA-44rr-xjrr-2j22: Absolute path traversal vulnerability in the ALMListView
ghsa_unreviewed·2022-05-17
CVE-2011-4532 [MEDIUM] CWE-22 GHSA-44rr-xjrr-2j22: Absolute path traversal vulnerability in the ALMListView
Absolute path traversal vulnerability in the ALMListView.ALMListCtrl ActiveX control in almaxcx.dll in the graphical user interface in Siemens Automation License Manager (ALM) 2.0 through 5.1+SP1+Upd2 allows remote attackers to overwrite arbitrary files via the Save method.
No detection rules found.
No writeups or analysis indexed.
- http://aluigi.altervista.org/adv/almsrvx_1-adv.txt
- http://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll&objId=57252401&objAction=csView&nodeid0=17323948&lang=en&siteid=cseus&aktprim=0&extranet=standard&viewreg=WW&load=content
- http://support.automation.siemens.com/WW/view/en/114358
- http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdf