National Vulnerability Database

Search Results

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:siemens:automation_license_manager:5.2
There are 5 matching records.
Vuln ID Summary CVSS Severity
CVE-2018-11456

A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4). An attacker with network access to the device could send specially crafted network packets to determine whether or not a network port on another remote system is accessible. This allows the attacker to do basic network scanning using the victim's machine. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges, and no user interaction is required. The impact is limited to determining whether or not a port on a target system is accessible by the affected device.

Published: August 07, 2018; 11:29:00 AM -04:00
V3: 5.8 MEDIUM
V2: 5.0 MEDIUM
CVE-2018-11455

A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4), Automation License Manager 6 (All versions < 6.0.1). A directory traversal vulnerability could allow a remote attacker to move arbitrary files, which can result in code execution, compromising confidentiality, integrity and availability of the system. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges or special conditions of the system, but user interaction is required.

Published: August 07, 2018; 11:29:00 AM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2016-8565

Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets.

Published: October 13, 2016; 06:59:05 AM -04:00
V3: 9.1 CRITICAL
V2: 6.4 MEDIUM
CVE-2016-8564

SQL injection vulnerability in Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to execute arbitrary SQL commands via crafted traffic to TCP port 4410.

Published: October 13, 2016; 06:59:04 AM -04:00
V3: 6.5 MEDIUM
V2: 6.4 MEDIUM
CVE-2016-8563

Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to cause a denial of service (ALM service outage) via crafted packets to TCP port 4410.

Published: October 13, 2016; 06:59:03 AM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM