CVE-2018-11455

CWE-22 — Path Traversal3 documents3 sources

Severity

8.8HIGH

EPSS

2.5%

top 14.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Automation License Manager

Timeline

PublishedAug 7

Latest updateMay 13

Description

A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4), Automation License Manager 6 (All versions < 6.0.1). A directory traversal vulnerability could allow a remote attacker to move arbitrary files, which can result in code execution, compromising confidentiality, integrity and availability of the system. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges or special conditions of the system, b…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDsiemens/automation_license_manager6.0 — 6.0.1+1

🔴Vulnerability Details

GHSA

GHSA-q23v-cmj9-h93q: A vulnerability has been identified in Automation License Manager 5 (All versions < 5↗2022-05-13

▶

CVEList

CVE-2018-11455: A vulnerability has been identified in Automation License Manager 5 (All versions < 5↗2018-08-07

▶