CVE-2024-44087 — Integer Overflow or Wraparound in Siemens Automation License Manager V5

CWE-190 — Integer Overflow or Wraparound3 documents3 sources

Severity

9.2CRITICALNVD

EPSS

13.8%

top 5.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Automation License Manager V5 Siemens Automation License Manager V6.0 Siemens Automation License Manager V6.2

Timeline

PublishedSep 10

Description

A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6.0 (All versions < V6.0 SP12 Upd3), Automation License Manager V6.2 (All versions < V6.2 Upd3). Affected applications do not properly validate certain fields in incoming network packets on port 4410/tcp. This could allow an unauthenticated remote attacker to cause an integer overflow and crash of the application. This denial of service condition could prevent legitimate users from us…

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

Affected Packages3 packages

▶CVEListV5siemens/automation_license_manager_v5< *

▶CVEListV5siemens/automation_license_manager_v6.0< V6.0 SP12 Upd3

▶CVEListV5siemens/automation_license_manager_v6.2< V6.2 Upd3

🔴Vulnerability Details

CVEList

CVE-2024-44087: A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6↗2024-09-10

▶

GHSA

GHSA-j2f4-8vj5-m862: A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6↗2024-09-10

▶