Denial of Service Flaw in Siemens Automation License Manager
CVE-2011-4530
Currently unrated
Summary
The Siemens Automation License Manager (ALM) versions 4.0 through 5.1+SP1+Upd1 improperly handle fields supplied by clients, which remote attackers can exploit. By sending excessively long input to specific functions such as open_session->workstation->NAME or grant->VERSION, an attacker can trigger a denial of service condition, crashing the application and interrupting service. The flaw shows why client-supplied input needs robust validation and why secure coding practices matter.
References
EPSS Score
19% chance of being exploited in the next 30 days.
Timeline
Vulnerability Reserved
Vulnerability published