VYPR
Get started

Automation License Manager

Sign in to watch

by Siemens Foundation

CVEs (8)

CVESevRiskCVSSEPSSKEVPublishedDescription
CVE-2016-8565Cri0.599.10.01Oct 13, 2016Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets.
CVE-2016-8563Hig0.497.50.01Oct 13, 2016Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to cause a denial of service (ALM service outage) via crafted packets to TCP port 4410.
CVE-2016-8564Med0.426.50.00Oct 13, 2016SQL injection vulnerability in Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to execute arbitrary SQL commands via crafted traffic to TCP port 4410.
CVE-2011-45290.070.48Jan 8, 2012Multiple buffer overflows in Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allow remote attackers to execute arbitrary code via a long serialid field in an _licensekey command, as demonstrated by the (1) check_licensekey or (2) read_licensekey command.
CVE-2011-45310.060.35Jan 8, 2012Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted content in a (1) get_target_ocx_param or (2) send_target_ocx_param command.
CVE-2011-45300.060.35Jan 8, 2012Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 does not properly copy fields obtained from clients, which allows remote attackers to cause a denial of service (exception and daemon crash) via long fields, as demonstrated by fields to the (1) open_session->workstation->NAME or (2) grant->VERSION function.
CVE-2011-45320.050.19Jan 8, 2012Absolute path traversal vulnerability in the ALMListView.ALMListCtrl ActiveX control in almaxcx.dll in the graphical user interface in Siemens Automation License Manager (ALM) 2.0 through 5.1+SP1+Upd2 allows remote attackers to overwrite arbitrary files via the Save method.
CVE-2012-46910.000.00Dec 18, 2012Memory leak in Siemens Automation License Manager (ALM) 4.x and 5.x before 5.2 allows remote attackers to cause a denial of service (memory consumption) via crafted packets.