SQL Injection Vulnerability in Siemens Automation License Manager
CVE-2016-8564

6.5MEDIUM

Key Information:

Vendor

Siemens
Status
Automation License Manager
Vendor
CVE Published:
13 October 2016

What is CVE-2016-8564?

The SQL injection vulnerability in Siemens Automation License Manager allows remote attackers to execute arbitrary SQL commands by sending specially crafted traffic to TCP port 4410. This could potentially lead to unauthorized access to sensitive data within the system. It is essential for organizations using affected versions of the Automation License Manager to assess their security posture and apply the necessary updates to mitigate this vulnerability.

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-287-02
x_refsource_MISC
http://www.securitytracker.com/id/1037011
vdb-entryx_refsource_SECTRACK
http://www.siemens.com/cert/pool/cert/siemens_security_ad...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2016-8564 : SQL Injection Vulnerability in Siemens Automation License Manager