CVE-2024-44087
published 2024-09-10CVE-2024-44087: A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6.0 (All versions < V6.0 SP12 Upd3)…
PriorityP259high8.6CVSS 3.1
AVNACLPRNUINSCCNINAH
EPSS
10.61%
95.2th percentile
A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6.0 (All versions < V6.0 SP12 Upd3), Automation License Manager V6.2 (All versions < V6.2 Upd3). Affected applications do not properly validate certain fields in incoming network packets on port 4410/tcp. This could allow an unauthenticated remote attacker to cause an integer overflow and crash of the application. This denial of service condition could prevent legitimate users from using subsequent products that rely on the affected application for license verification.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | automation_license_manager_v5 | < * | * |
| siemens | automation_license_manager_v6.0 | < V6.0 SP12 Upd3 | V6.0 SP12 Upd3 |
| siemens | automation_license_manager_v6.2 | < V6.2 Upd3 | V6.2 Upd3 |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for unexpected or malformed network packets targeting port 4410/tcp on hosts running Siemens Automation License Manager; anomalous traffic to this port from untrusted sources may indicate exploitation attempts. ↗
- →Alert on crashes or unexpected termination of the Automation License Manager process, which may indicate a successful DoS exploitation via integer overflow on port 4410/tcp. ↗
CVSS provenance
nvdv3.18.6HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
nvdv4.09.2CRITICALCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Siemens Automation License Manager
cisa_ics·2024-09-12·CVSS 9.2
[CRITICAL] Siemens Automation License Manager
ICS Advisory
##
Siemens Automation License Manager
Release DateSeptember 12, 2024
Alert CodeICSA-24-256-06
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.2
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: Automation License Manager
- Vulnerability: Integer Overflow or Wraparound
## 2. RISK EVALUATION
Successful exploitatio
GHSA
GHSA-j2f4-8vj5-m862: A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6
ghsa_unreviewed·2024-09-10
CVE-2024-44087 [CRITICAL] CWE-190 GHSA-j2f4-8vj5-m862: A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6
A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6.0 (All versions), Automation License Manager V6.2 (All versions < V6.2 Upd3). Affected applications do not properly validate certain fields in incoming network packets on port 4410/tcp. This could allow an unauthenticated remote attacker to cause an integer overflow and crash of the application. This denial of service condition could prevent legitimate users from using subsequent products that rely on the affected application for license verification.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-09-10
Published