Network Scanning Vulnerability in Automation License Manager by Siemens
CVE-2018-11456

5.8MEDIUM

Key Information:

Vendor: Siemens
Status: Automation License Manager 5
Vendor: CVE Published:; 7 August 2018

What is CVE-2018-11456?

A network vulnerability has been discovered in Automation License Manager 5, specifically affecting all versions below 5.3.4.4. This vulnerability allows an attacker with network access to the affected device to send specially crafted network packets. This can enable the attacker to determine the accessibility of network ports on remote systems, facilitating a form of basic network scanning through the compromised device. Notably, successful exploitation does not require any user privileges or interaction, thereby posing a risk to the security stance of networks utilizing this software.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Automation License Manager 5 Automation License Manager 5 : All versions < 5.3.4.4

References

http://www.securityfocus.com/bid/105114

vdb-entryx_refsource_BID

https://cert-portal.siemens.com/productcert/pdf/ssa-92096...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Aug 7, 2018
Vulnerability Reserved
May 25, 2018

JSON

Siemens

What is CVE-2018-11456?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.