Skip to main content

Siemens Automation License Manager Denial of Service and ActiveX Control Vulnerabilities

Last Update Date: 29 Nov 2011 10:41 Release Date: 29 Nov 2011 5819 Views

RISK: High Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

Multiple vulnerabilities have identified in Siemens Automation License Manager, which can be exploited by malicious people to cause a DoS (Denial of Service) and manipulate certain data.

  1. An error in almsrvx.exe when processing certain requests can be exploited to cause an unhandled exception and terminate the service via a specially crafted packet sent to TCP port 4410.
  2. An NULL pointer dereference error in almsrvx.exe when processing certain requests can be exploited to crash the service via a specially crafted packet sent to TCP port 4410.
  3. The insecure "Save()" method in the ALMListView.ALMListCtrl ActiveX control (almaxcx.dll) can be exploited to create or overwrite arbitrary files with empty content in the context of the currently logged-on user.

Impact

  • Denial of Service
  • Data Manipulation

System / Technologies affected

  • Siemens Automation License Manager 5.x
  • Siemens Automation License Manager ActiveX Control 5.x

Solutions

  • Restrict access to trusted hosts only.
  • Set the kill-bit for the affected ActiveX control.

Vulnerability Identifier

  • No CVE information is available

Source


Related Link