Siemens Automation License Manager CVE-2012-4691 Denial of Service

low Nessus Plugin ID 63430

Synopsis

The remote host has software installed that is affected by a denial of service vulnerability.

Description

The remote host has a version of Siemens Automation License Manager installed that is affected by an excessive memory consumption denial of service vulnerability that can be triggered by sending a specially crafted packet to the Automation Licensing Manager TCP service listening on port 4410.

Solution

Upgrade to Siemens Automation License Manager 5.2 or later.

See Also

http://www.nessus.org/u?c1cb7805

Plugin Details

Severity: Low

ID: 63430

File Name: scada_siemens_alm_ssa_783261.nbin

Version: 1.69

Type: local

Agent: windows

Family: SCADA

Published: 1/9/2013

Updated: 5/20/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Low

Base Score: 3.3

Temporal Score: 2.4

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2012-4691

Vulnerability Information

CPE: cpe:/a:siemens:automation_license_manager

Required KB Items: SCADA/Apps/Siemens/ALM/Path

Exploit Ease: No known exploits are available

Patch Publication Date: 12/12/2012

Vulnerability Publication Date: 12/12/2012

Reference Information

CVE: CVE-2012-4691

BID: 56954

ICSA: 12-349-01