Automation License Manager Vulnerability Could Lead to Remote Code Execution
CVE-2024-44087

8.6 HIGH

Summary

A vulnerability has been identified in Siemens Automation License Manager that affects versions V5, V6.0, and V6.2 (prior to V6.2 Upd3). The issue arises from the application's improper validation of fields in incoming network packets transmitted on port 4410/tcp. As a result, an unauthenticated remote attacker could exploit this vulnerability to trigger an integer overflow, leading to a crash of the affected application. This denial of service may disrupt operations, preventing legitimate users from accessing subsequent products that depend on the license verification functions of Automation License Manager.

Affected Version(s)

Automation License Manager V5 0

Automation License Manager V6.0 0

Automation License Manager V6.2 0

CVSS V3.1

Score: 8.6
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
