CVE-2018-11456

CWE-284 — Improper Access Control3 documents3 sources

Severity

5.8MEDIUM

EPSS

0.2%

top 60.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Automation License Manager Siemens AG Automation License Manager 5

Timeline

PublishedAug 7

Latest updateMay 13

Description

A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4). An attacker with network access to the device could send specially crafted network packets to determine whether or not a network port on another remote system is accessible or not. This allows the attacker to do basic network scanning using the victims machine. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges, no user interaction is requ…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDsiemens/automation_license_manager< 5.3.4.4

▶CVEListV5siemens_ag/automation_license_manager_5Automation License Manager 5 : All versions < 5.3.4.4

🔴Vulnerability Details

GHSA

GHSA-qwxx-q8h8-xx3q: A vulnerability has been identified in Automation License Manager 5 (All versions < 5↗2022-05-13

▶

CVEList

CVE-2018-11456: A vulnerability has been identified in Automation License Manager 5 (All versions < 5↗2018-08-07

▶