ID

VAR-201201-0028


CVE

CVE-2011-4531


TITLE

Siemens Automation License Manager Buffer Overflow and Denial of Service Vulnerabilities

Trust: 0.9

sources: BID: 50830 // CNNVD: CNNVD-201111-482

DESCRIPTION

Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted content in a (1) get_target_ocx_param or (2) send_target_ocx_param command. The Siemens Automation License Manager is the authorization manager program for Siemens software. Some long fields can be used to trigger exceptions: "The exception unknown software exception (0xc0000417) occurred in the application at location 0x????????." This exception is caused by some functions using wcscpy_s to copy the value provided by the client to a stack buffer. Remote attackers can exploit these issues to execute arbitrary code in the context of the application or cause denial-of-service conditions.

Trust: 3.78

sources: NVD: CVE-2011-4531 // JVNDB: JVNDB-2012-001030 // CNVD: CNVD-2011-5099 // CNVD: CNVD-2011-5101 // CNVD: CNVD-2011-5097 // BID: 50830 // IVD: 3cc922d2-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-52476

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 2.0

sources: IVD: 3cc922d2-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5099 // CNVD: CNVD-2011-5101 // CNVD: CNVD-2011-5097

AFFECTED PRODUCTS

vendor: siemens, model: automation license manager, scope: eq, version: 500.0.1221

Trust: 1.8

vendor: siemens, model: automation license manager, scope: lte, version: 5.1

Trust: 1.0

vendor: siemens, model: automation license manager, scope: eq, version: 4.0 to 5.1+sp1+upd1

Trust: 0.8

vendor: siemens, model: automation license manager, scope: eq, version: 5.1

Trust: 0.6

vendor: siemens, model: automation license manager, scope: eq, version: 501.1.102.1

Trust: 0.3

vendor: automation license manager, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: 3cc922d2-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5099 // CNVD: CNVD-2011-5101 // CNVD: CNVD-2011-5097 // BID: 50830 // JVNDB: JVNDB-2012-001030 // CNNVD: CNNVD-201201-081 // NVD: CVE-2011-4531

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4531
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-4531
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201201-081
value: MEDIUM

Trust: 0.6

IVD: 3cc922d2-2354-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-52476
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2011-4531
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: 3cc922d2-2354-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-52476
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 3cc922d2-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-52476 // JVNDB: JVNDB-2012-001030 // CNNVD: CNNVD-201201-081 // NVD: CVE-2011-4531

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.9

sources: VULHUB: VHN-52476 // JVNDB: JVNDB-2012-001030 // NVD: CVE-2011-4531

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201201-081 // CNNVD: CNNVD-201111-482

TYPE

Input validation

Trust: 0.8

sources: IVD: 3cc922d2-2354-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201201-081

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001030

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-52476

PATCH

title: 57252401, url: http://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll&objId=57252401&objAction=csView&nodeid0=17323948&lang=en&siteid=cseus&aktprim=0&extranet=standard&viewreg=WW&load=content

Trust: 0.8

title: 114358, url: http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=114358&caller=view

Trust: 0.8

title: Solution Partner, url: http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx

Trust: 0.8

title: Top Page, url: http://www.siemens.com/entry/jp/ja/

Trust: 0.8

title: Siemens Automation License Manager denial of service vulnerability patch, url: https://www.cnvd.org.cn/patchInfo/show/72712

Trust: 0.6

title: Patch for Siemens Automation License Manager Buffer Overflow Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/72722

Trust: 0.6

title: ALMv5_1_1_3, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42332

Trust: 0.6

sources: CNVD: CNVD-2011-5101 // CNVD: CNVD-2011-5097 // JVNDB: JVNDB-2012-001030 // CNNVD: CNNVD-201201-081

EXTERNAL IDS

db: NVD, id: CVE-2011-4531

Trust: 3.0

db: ICS CERT, id: ICSA-11-361-01

Trust: 2.8

db: BID, id: 50830

Trust: 2.7

db: CNNVD, id: CNNVD-201201-081

Trust: 0.9

db: JVNDB, id: JVNDB-2012-001030

Trust: 0.8

db: CNVD, id: CNVD-2011-5099

Trust: 0.6

db: CNVD, id: CNVD-2011-5101

Trust: 0.6

db: CNVD, id: CNVD-2011-5097

Trust: 0.6

db: CNNVD, id: CNNVD-201111-482

Trust: 0.6

db: IVD, id: 3CC922D2-2354-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: EXPLOIT-DB, id: 18165

Trust: 0.1

db: VULHUB, id: VHN-52476

Trust: 0.1

sources: IVD: 3cc922d2-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5099 // CNVD: CNVD-2011-5101 // CNVD: CNVD-2011-5097 // VULHUB: VHN-52476 // BID: 50830 // JVNDB: JVNDB-2012-001030 // CNNVD: CNNVD-201201-081 // CNNVD: CNNVD-201111-482 // NVD: CVE-2011-4531

REFERENCES

url:http://aluigi.altervista.org/adv/almsrvx_1-adv.txt

Trust: 3.2

url:http://www.us-cert.gov/control_systems/pdf/icsa-11-361-01.pdf

Trust: 2.8

url:http://support.automation.siemens.com/ww/view/en/114358

Trust: 1.7

url:http://support.automation.siemens.com/ww/llisapi.dll/57252401?func=ll&objid=57252401&objaction=csview&nodeid0=17323948&lang=en&siteid=cseus&aktprim=0&extranet=standard&viewreg=ww&load=content

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4531

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4531

Trust: 0.8

url:http://www.securityfocus.com/bid/50830

Trust: 0.6

url:http://support.automation.siemens.com/ww/llisapi.dll?func=cslib.csinfo&lang=en&siteid=cseus&aktprim=0&extranet=standard&viewreg=ww&objid=17323948&tree

Trust: 0.3

url:/archive/1/520660

Trust: 0.3

url:http://support.automation.siemens.com/ww/llisapi.dll/57252401?func=ll&objid=57252401&objaction=csview&nodeid0=17323948&lang=en&siteid=cseus&aktprim=0&extranet=standard&viewreg=ww&load=content

Trust: 0.1

sources: CNVD: CNVD-2011-5099 // CNVD: CNVD-2011-5101 // VULHUB: VHN-52476 // BID: 50830 // JVNDB: JVNDB-2012-001030 // CNNVD: CNNVD-201201-081 // CNNVD: CNNVD-201111-482 // NVD: CVE-2011-4531

CREDITS

Luigi Auriemma

Trust: 0.9

sources: BID: 50830 // CNNVD: CNNVD-201111-482

SOURCES

db: IVD, id: 3cc922d2-2354-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2011-5099
db: CNVD, id: CNVD-2011-5101
db: CNVD, id: CNVD-2011-5097
db: VULHUB, id: VHN-52476
db: BID, id: 50830
db: JVNDB, id: JVNDB-2012-001030
db: CNNVD, id: CNNVD-201201-081
db: CNNVD, id: CNNVD-201111-482
db: NVD, id: CVE-2011-4531

LAST UPDATE DATE

2024-08-14T14:34:35.822000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2011-5099, date: 2011-12-05T00:00:00
db: CNVD, id: CNVD-2011-5101, date: 2016-03-15T00:00:00
db: CNVD, id: CNVD-2011-5097, date: 2016-03-15T00:00:00
db: VULHUB, id: VHN-52476, date: 2012-01-09T00:00:00
db: BID, id: 50830, date: 2012-01-04T00:20:00
db: JVNDB, id: JVNDB-2012-001030, date: 2012-01-11T00:00:00
db: CNNVD, id: CNNVD-201201-081, date: 2012-01-11T00:00:00
db: CNNVD, id: CNNVD-201111-482, date: 2011-11-30T00:00:00
db: NVD, id: CVE-2011-4531, date: 2012-01-09T22:52:26.123

SOURCES RELEASE DATE

db: IVD, id: 3cc922d2-2354-11e6-abef-000c29c66e3d, date: 2012-01-11T00:00:00
db: CNVD, id: CNVD-2011-5099, date: 2011-12-05T00:00:00
db: CNVD, id: CNVD-2011-5101, date: 2011-12-05T00:00:00
db: CNVD, id: CNVD-2011-5097, date: 2011-12-05T00:00:00
db: VULHUB, id: VHN-52476, date: 2012-01-08T00:00:00
db: BID, id: 50830, date: 2011-11-28T00:00:00
db: JVNDB, id: JVNDB-2012-001030, date: 2012-01-11T00:00:00
db: CNNVD, id: CNNVD-201201-081, date: 2012-01-11T00:00:00
db: CNNVD, id: CNNVD-201111-482, date: 1900-01-01T00:00:00
db: NVD, id: CVE-2011-4531, date: 2012-01-08T20:55:01.280