Path Traversal Vulnerability in Siemens Automation License Manager
CVE-2011-4532

Currently unrated

Key Information:

Vendor: Siemens
Status: Automation License Manager
Vendor: CVE Published:; 8 January 2012

Summary

A path traversal vulnerability exists in the ALMListView.ALMListCtrl ActiveX control within the almaxcx.dll file of Siemens Automation License Manager. This flaw enables remote attackers to exploit the Save method, potentially allowing them to overwrite arbitrary files on affected systems. The vulnerability affects versions 2.0 through 5.1+SP1+Upd2, posing a significant risk to environments utilizing this software. Proper patches and mitigations should be applied immediately to secure systems from potential attacks.

References

http://support.automation.siemens.com/WW/view/en/114358

x_refsource_CONFIRM

http://aluigi.altervista.org/adv/almsrvx_1-adv.txt

x_refsource_MISC

http://support.automation.siemens.com/WW/llisapi.dll/5725...

x_refsource_CONFIRM

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jan 8, 2012