CVE-2016-8564

CWE-89 — SQL Injection3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 54.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Automation License Manager

Timeline

PublishedOct 13

Latest updateMay 17

Description

SQL injection vulnerability in Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to execute arbitrary SQL commands via crafted traffic to TCP port 4410.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages1 packages

▶NVDsiemens/automation_license_manager5.3

Patches

Patch: www.siemens.com ↗Patch: www.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-pp9j-r5qv-wgcj: SQL injection vulnerability in Siemens Automation License Manager (ALM) before 5↗2022-05-17

▶

CVEList

CVE-2016-8564: SQL injection vulnerability in Siemens Automation License Manager (ALM) before 5↗2016-10-13

▶