) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- CPE Product Version: cpe:/a:siemens:automation_license_manager:4.0
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2018-11456 |
A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4). An attacker with network access to the device could send specially crafted network packets to determine whether or not a network port on another remote system is accessible or not. This allows the attacker to do basic network scanning using the victims machine. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges, no user interaction is required. The impact is limited to determining whether or not a port on a target system is accessible by the affected device. Published: August 07, 2018; 11:29:00 AM -0400 |
V3.0: 5.8 MEDIUM V2.0: 5.0 MEDIUM |
| CVE-2016-8565 |
Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets. Published: October 13, 2016; 6:59:05 AM -0400 |
V3.0: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
| CVE-2016-8564 |
SQL injection vulnerability in Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to execute arbitrary SQL commands via crafted traffic to TCP port 4410. Published: October 13, 2016; 6:59:04 AM -0400 |
V3.0: 6.5 MEDIUM V2.0: 6.4 MEDIUM |
| CVE-2016-8563 |
Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to cause a denial of service (ALM service outage) via crafted packets to TCP port 4410. Published: October 13, 2016; 6:59:03 AM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2012-4691 |
Memory leak in Siemens Automation License Manager (ALM) 4.x and 5.x before 5.2 allows remote attackers to cause a denial of service (memory consumption) via crafted packets. Published: December 18, 2012; 7:30:05 AM -0500 |
V3.x:(not available) V2.0: 3.3 LOW |
| CVE-2011-4532 |
Absolute path traversal vulnerability in the ALMListView.ALMListCtrl ActiveX control in almaxcx.dll in the graphical user interface in Siemens Automation License Manager (ALM) 2.0 through 5.1+SP1+Upd2 allows remote attackers to overwrite arbitrary files via the Save method. Published: January 08, 2012; 3:55:01 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2011-4531 |
Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted content in a (1) get_target_ocx_param or (2) send_target_ocx_param command. Published: January 08, 2012; 3:55:01 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2011-4530 |
Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 does not properly copy fields obtained from clients, which allows remote attackers to cause a denial of service (exception and daemon crash) via long fields, as demonstrated by fields to the (1) open_session->workstation->NAME or (2) grant->VERSION function. Published: January 08, 2012; 3:55:01 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2011-4529 |
Multiple buffer overflows in Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allow remote attackers to execute arbitrary code via a long serialid field in an _licensekey command, as demonstrated by the (1) check_licensekey or (2) read_licensekey command. Published: January 08, 2012; 3:55:01 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |