CVE-2018-11456
N/A
Summary
A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4). An attacker with network access to the device could send specially crafted network packets to determine whether or not a network port on another remote system is accessible or not. This allows the attacker to do basic network scanning using the victims machine. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges, no user interaction is required. The impact is limited to determining whether or not a port on a target system is accessible by the affected device.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Siemens AG | Automation License Manager 5 | Automation License Manager 5 : All versions < 5.3.4.4 | affected |
Weaknesses
- CWE-284: CWE-284: Improper Access Control
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/105114
- https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdf
References
- http://www.securityfocus.com/bid/105114
- https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdf
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.