Vulnerabilities > CVE-2012-4691 - Resource Management Errors vulnerability in Siemens Automation License Manager 4.0/5.0/5.1

CVSS 3.3 - LOW

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

low complexity

siemens

CWE-399

NVD

Published: 2012-12-18

Updated: 2013-01-29

Summary

Memory leak in Siemens Automation License Manager (ALM) 4.x and 5.x before 5.2 allows remote attackers to cause a denial of service (memory consumption) via crafted packets. Per: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-783261.pdf "The attacker must have access to the local subnet where ALM is located. During installation, the default setting of the Windows firewall is to block the port used by ALM for all networks except the local subnet. If this setting has not been changed by the administrator, these vulnerabilities cannot be exploited from remote networks. Additionally, communication to this port should be blocked at network borders using appropriate security measures like firewalls."

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Automation License Manager 4.0 Siemens Automation License Manager 5.0 Siemens Automation License Manager 5.1	4

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References