cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-44087,https://securityvulnerability.io/vulnerability/CVE-2024-44087,Automation License Manager Vulnerability Could Lead to Remote Code Execution,"A vulnerability has been identified in Siemens Automation License Manager that affects versions V5, V6.0, and V6.2 (prior to V6.2 Upd3). The issue arises from the application's improper validation of fields in incoming network packets transmitted on port 4410/tcp. As a result, an unauthenticated remote attacker could exploit this vulnerability to trigger an integer overflow, leading to a crash of the affected application. This denial of service may disrupt operations, preventing legitimate users from accessing subsequent products that depend on the license verification functions of Automation License Manager.",Siemens,"Automation License Manager V5,Automation License Manager V6.0,Automation License Manager V6.2",8.6,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-09-10T09:36:52.341Z,0
CVE-2022-43514,https://securityvulnerability.io/vulnerability/CVE-2022-43514,Directory Traversal Vulnerability in Siemens Automation License Manager and TeleControl Server,"A directory traversal vulnerability exists in various versions of Siemens Automation License Manager and TeleControl Server. This flaw allows an unauthenticated remote attacker to manipulate file and folder structures beyond the designated root directory. By exploiting this vulnerability, an attacker could execute unauthorized file operations, potentially leading to serious security breaches. When combined with another vulnerability, there is a risk of remote code execution, endangering the integrity of the overall system.",Siemens,"Automation License Manager V5,Automation License Manager V6,Telecontrol Server Basic V3",7.7,HIGH,0.014510000124573708,false,,false,false,false,,false,false,2023-01-10T11:39:39.909Z,0
CVE-2022-43513,https://securityvulnerability.io/vulnerability/CVE-2022-43513,Unauthorized File Manipulation in Siemens Automation License Manager and TeleControl Server,"A vulnerability exists in Siemens Automation License Manager and TeleControl Server that permits an unauthenticated remote attacker to manipulate license files. The affected versions allow users to rename files using their input without proper authentication checks. This flaw can lead to unauthorized alterations performed at the system level, potentially compromising system integrity and leading to further exploitation.",Siemens,"Automation License Manager V5,Automation License Manager V6,Telecontrol Server Basic V3",8.2,HIGH,0.002099999925121665,false,,false,false,false,,false,false,2023-01-10T11:39:38.879Z,0
CVE-2021-25659,https://securityvulnerability.io/vulnerability/CVE-2021-25659,,"A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0 SP9 Update 2). Sending specially crafted packets to port 4410/tcp of an affected system could lead to extensive memory being consumed and as such could cause a denial-of-service preventing legitimate users from using the system.",Siemens,"Automation License Manager 5,Automation License Manager 6",7.5,HIGH,0.0010300000431016088,false,,false,false,false,,false,false,2021-08-10T10:35:25.000Z,0
CVE-2020-7583,https://securityvulnerability.io/vulnerability/CVE-2020-7583,,"A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0.8). The application does not properly validate the users' privileges when executing some operations, which could allow a user with low permissions to arbitrary modify files that should be protected against writing.",Siemens,"Automation License Manager 5,Automation License Manager 6",7.8,HIGH,0.0004400000034365803,false,,false,false,false,,false,false,2020-08-14T15:24:06.000Z,0
CVE-2018-11455,https://securityvulnerability.io/vulnerability/CVE-2018-11455,,"A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4), Automation License Manager 6 (All versions < 6.0.1). A directory traversal vulnerability could allow a remote attacker to move arbitrary files, which can result in code execution, compromising confidentiality, integrity and availability of the system. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges or special conditions of the system, but user interaction is required.",Siemens,"Automation License Manager 5, Automation License Manager 6",8.8,HIGH,0.01841999962925911,false,,false,false,false,,false,false,2018-08-07T15:00:00.000Z,0
CVE-2018-11456,https://securityvulnerability.io/vulnerability/CVE-2018-11456,,"A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4). An attacker with network access to the device could send specially crafted network packets to determine whether or not a network port on another remote system is accessible or not. This allows the attacker to do basic network scanning using the victims machine. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges, no user interaction is required. The impact is limited to determining whether or not a port on a target system is accessible by the affected device.",Siemens,Automation License Manager 5,5.8,MEDIUM,0.0006000000284984708,false,,false,false,false,,false,false,2018-08-07T15:00:00.000Z,0
CVE-2016-8563,https://securityvulnerability.io/vulnerability/CVE-2016-8563,,Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to cause a denial of service (ALM service outage) via crafted packets to TCP port 4410.,Siemens,Automation License Manager,7.5,HIGH,0.003969999961555004,false,,false,false,false,,false,false,2016-10-13T10:00:00.000Z,0
CVE-2016-8564,https://securityvulnerability.io/vulnerability/CVE-2016-8564,,SQL injection vulnerability in Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to execute arbitrary SQL commands via crafted traffic to TCP port 4410.,Siemens,Automation License Manager,6.5,MEDIUM,0.001829999964684248,false,,false,false,false,,false,false,2016-10-13T10:00:00.000Z,0
CVE-2016-8565,https://securityvulnerability.io/vulnerability/CVE-2016-8565,,"Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets.",Siemens,Automation License Manager,9.1,CRITICAL,0.005049999803304672,false,,false,false,false,,false,false,2016-10-13T10:00:00.000Z,0
CVE-2012-4691,https://securityvulnerability.io/vulnerability/CVE-2012-4691,,Memory leak in Siemens Automation License Manager (ALM) 4.x and 5.x before 5.2 allows remote attackers to cause a denial of service (memory consumption) via crafted packets.,Siemens,Automation License Manager,,,0.001509999972768128,false,,false,false,false,,false,false,2012-12-18T12:30:00.000Z,0
CVE-2011-4529,https://securityvulnerability.io/vulnerability/CVE-2011-4529,,"Multiple buffer overflows in Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allow remote attackers to execute arbitrary code via a long serialid field in an _licensekey command, as demonstrated by the (1) check_licensekey or (2) read_licensekey command.",Siemens,Automation License Manager,,,0.15283000469207764,false,,false,false,false,,false,false,2012-01-08T20:55:00.000Z,0
CVE-2011-4530,https://securityvulnerability.io/vulnerability/CVE-2011-4530,,"Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 does not properly copy fields obtained from clients, which allows remote attackers to cause a denial of service (exception and daemon crash) via long fields, as demonstrated by fields to the (1) open_session->workstation->NAME or (2) grant->VERSION function.",Siemens,Automation License Manager,,,0.033250000327825546,false,,false,false,false,,false,false,2012-01-08T20:55:00.000Z,0
CVE-2011-4532,https://securityvulnerability.io/vulnerability/CVE-2011-4532,,Absolute path traversal vulnerability in the ALMListView.ALMListCtrl ActiveX control in almaxcx.dll in the graphical user interface in Siemens Automation License Manager (ALM) 2.0 through 5.1+SP1+Upd2 allows remote attackers to overwrite arbitrary files via the Save method.,Siemens,Automation License Manager,,,0.004530000034719706,false,,false,false,false,,false,false,2012-01-08T20:55:00.000Z,0
CVE-2011-4531,https://securityvulnerability.io/vulnerability/CVE-2011-4531,,Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted content in a (1) get_target_ocx_param or (2) send_target_ocx_param command.,Siemens,Automation License Manager,,,0.04394000023603439,false,,false,false,false,,false,false,2012-01-08T20:55:00.000Z,0