Network Scanning Vulnerability in Automation License Manager by Siemens
CVE-2018-11456

5.8MEDIUM

Key Information:

Vendor: Siemens
Status: Automation License Manager 5
Vendor: CVE Published:; 7 August 2018

Summary

A network vulnerability has been discovered in Automation License Manager 5, specifically affecting all versions below 5.3.4.4. This vulnerability allows an attacker with network access to the affected device to send specially crafted network packets. This can enable the attacker to determine the accessibility of network ports on remote systems, facilitating a form of basic network scanning through the compromised device. Notably, successful exploitation does not require any user privileges or interaction, thereby posing a risk to the security stance of networks utilizing this software.

Affected Version(s)

Automation License Manager 5 Automation License Manager 5 : All versions < 5.3.4.4

References

http://www.securityfocus.com/bid/105114

vdb-entryx_refsource_BID

https://cert-portal.siemens.com/productcert/pdf/ssa-92096...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Aug 7, 2018
Vulnerability Reserved
May 25, 2018