Lucene search

Kaspersky LabKLA10084

HistoryDec 18, 2012 - 12:00 a.m.

KLA10084 DoS vulnerability in Siemens ALM

2012-12-1800:00:00

Kaspersky Lab

threats.kaspersky.com

CVSS2

3.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.6

Confidence

Low

EPSS

0.002

Percentile

54.9%

JSON

A memory leak was found in Siemens ALM. By exploiting this vulnerability malicious users can cause denial of service. This vulnerability can be exploited remotely via specially designed packets.

Original advisories

Siemens bulletin

Related products

Automation-License-Manager

CVE list

CVE-2012-4691 warning

Solution

Update to latest version

Impacts

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Affected Products

Siemens Automation License Manager 4 all versionsSiemens Automation License Manager 5 versions 5.1 and earlier.

References

www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-783261.pdf

statistics.securelist.com/

threats.kaspersky.com/en/product/Automation-License-Manager/

CVSS2

3.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.6

Confidence

Low

EPSS

0.002

Percentile

54.9%

JSON

Related for KLA10084