CVE-2018-11455

Summary

A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4), Automation License Manager 6 (All versions < 6.0.1). A directory traversal vulnerability could allow a remote attacker to move arbitrary files, which can result in code execution, compromising confidentiality, integrity and availability of the system. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges or special conditions of the system, but user interaction is required.

Affected Software

VendorProductVersion RangeStatus
Siemens AGAutomation License Manager 5, Automation License Manager 6Automation License Manager 5 : All versions < 5.3.4.4affected
Siemens AGAutomation License Manager 5, Automation License Manager 6Automation License Manager 6 : All versions < 6.0.1affected

Weaknesses

  • CWE-22: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CVE Program Container

Additional References

References