Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-4532

CWE-22 — Path Traversal4 documents4 sources

Severity

5.0MEDIUM

EPSS

3.3%

top 12.87%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Siemens Automation License Manager

Timeline

PublishedJan 8

Latest updateMay 17

Description

Absolute path traversal vulnerability in the ALMListView.ALMListCtrl ActiveX control in almaxcx.dll in the graphical user interface in Siemens Automation License Manager (ALM) 2.0 through 5.1+SP1+Upd2 allows remote attackers to overwrite arbitrary files via the Save method.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDsiemens/automation_license_manager5.1

🔴Vulnerability Details

GHSA

GHSA-44rr-xjrr-2j22: Absolute path traversal vulnerability in the ALMListView↗2022-05-17

▶

CVEList

CVE-2011-4532: Absolute path traversal vulnerability in the ALMListView↗2012-01-08

▶

💥Exploits & PoCs

Exploit-DB

siemens automation license manager 500.0.122.1 - Multiple Vulnerabilities↗2011-11-28

▶