Siemens Automation License Manager Multiple Vulnerabilities

high Nessus Plugin ID 63428

Synopsis

The remote host has software installed that is affected by multiple vulnerabilities.

Description

The remote host has a version of Siemens Automation License Manager installed that is affected by the following vulnerabilities :

- There are multiple buffer overflows that can be exploited to execute arbitrary code by sending a message to the Automation License Manager TCP service listening on port 4410 containing a long serialid field in a
_licensekey command. (CVE-2011-4329)

- The Siemens Automation License Manager TCP service listening on TCP port 4410 does not properly copy fields obtained from clients and can be exploited by sending a message containing long fields to cause a denial of service. (CVE-2011-4530)
- By sending a specially crafted 'get_target_ocx_param' or 'send_target_ocx_param' command message to the Automation License Manager service listening on port 4410, an attacker can trigger a NULL pointer dereference and denial of service. (CVE-2011-4531)

Solution

Upgrade to Siemens Automation License Manager 5.1+SP1+Upd2 or later.

See Also

http://www.nessus.org/u?c588dd55

http://www.nessus.org/u?2be8e337

http://aluigi.altervista.org/adv/almsrvx_1-adv.txt

Plugin Details

Severity: High

ID: 63428

File Name: scada_siemens_alm_ssa_319258.nbin

Version: 1.70

Type: local

Agent: windows

Family: SCADA

Published: 1/9/2013

Updated: 5/20/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2011-4529

Vulnerability Information

CPE: cpe:/a:siemens:automation_license_manager

Required KB Items: SCADA/Apps/Siemens/ALM/Path

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/16/2011

Vulnerability Publication Date: 11/28/2011

Reference Information

CVE: CVE-2011-4529, CVE-2011-4530, CVE-2011-4531

BID: 50830

ICS-ALERT: 11-332-01, 11-332-01A

ICSA: 11-361-01