CVE-2018-11456

5.8MEDIUM

Key Information:

Vendor: Siemens
Status: Automation License Manager 5
Vendor: CVE Published:; 7 August 2018

Summary

A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4). An attacker with network access to the device could send specially crafted network packets to determine whether or not a network port on another remote system is accessible or not. This allows the attacker to do basic network scanning using the victims machine. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges, no user interaction is required. The impact is limited to determining whether or not a port on a target system is accessible by the affected device.

Affected Version(s)

Automation License Manager 5 Automation License Manager 5 : All versions < 5.3.4.4

References

http://www.securityfocus.com/bid/105114

vdb-entryx_refsource_BID

https://cert-portal.siemens.com/productcert/pdf/ssa-92096...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Aug 7, 2018
Vulnerability Reserved
May 25, 2018