Siemens Automation License Manager Denial of Service and ActiveX Control Vulnerabilities
Last Update Date:
29 Nov 2011 10:41
Release Date:
29 Nov 2011
5774
Views
RISK: High Risk
TYPE: Servers - Other Servers
Multiple vulnerabilities have identified in Siemens Automation License Manager, which can be exploited by malicious people to cause a DoS (Denial of Service) and manipulate certain data.
- An error in almsrvx.exe when processing certain requests can be exploited to cause an unhandled exception and terminate the service via a specially crafted packet sent to TCP port 4410.
- An NULL pointer dereference error in almsrvx.exe when processing certain requests can be exploited to crash the service via a specially crafted packet sent to TCP port 4410.
- The insecure "Save()" method in the ALMListView.ALMListCtrl ActiveX control (almaxcx.dll) can be exploited to create or overwrite arbitrary files with empty content in the context of the currently logged-on user.
Impact
- Denial of Service
- Data Manipulation
System / Technologies affected
- Siemens Automation License Manager 5.x
- Siemens Automation License Manager ActiveX Control 5.x
Solutions
- Restrict access to trusted hosts only.
- Set the kill-bit for the affected ActiveX control.
Vulnerability Identifier
- No CVE information is available
Source
Related Link
Share with