ID

VAR-201201-0029


CVE

CVE-2011-4532


TITLE

Siemens Automation License Manager 'almaxcx.dll' ActiveX Arbitrary File Overwrite Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2011-5100 // BID: 50831

DESCRIPTION

Absolute path traversal vulnerability in the ALMListView.ALMListCtrl ActiveX control in almaxcx.dll in the graphical user interface in Siemens Automation License Manager (ALM) 2.0 through 5.1+SP1+Upd2 allows remote attackers to overwrite arbitrary files via the Save method. The Siemens Automation License Manager is the authorization manager program for Siemens software. The save method provided by the almaxcx.dll ActiveX control (ALMListView.ALMListCtrlE57AF4A2-EF57-41D0-8512-FECDA78F1FE7) allows any file name to be saved. The attacker constructs a malicious WEB page to entice the user to access it. file

Trust: 2.88

sources: NVD: CVE-2011-4532 // JVNDB: JVNDB-2012-001031 // CNVD: CNVD-2011-5100 // BID: 50831 // IVD: 65a1275c-1f7d-11e6-abef-000c29c66e3d // IVD: 3d08cffe-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-52477

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.0

sources: IVD: 65a1275c-1f7d-11e6-abef-000c29c66e3d // IVD: 3d08cffe-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5100

AFFECTED PRODUCTS

vendor:siemensmodel:automation license managerscope:lteversion:5.1

Trust: 1.0

vendor:siemensmodel:automation license managerscope:eqversion:500.0.1221

Trust: 0.9

vendor:siemensmodel:automation license managerscope:eqversion:2.0 to 5.1+sp1+upd2

Trust: 0.8

vendor:siemensmodel:automation license managerscope:eqversion:5.1

Trust: 0.6

vendor:automation license managermodel: - scope:eqversion:*

Trust: 0.4

sources: IVD: 65a1275c-1f7d-11e6-abef-000c29c66e3d // IVD: 3d08cffe-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5100 // BID: 50831 // JVNDB: JVNDB-2012-001031 // CNNVD: CNNVD-201201-082 // NVD: CVE-2011-4532

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4532
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-4532
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201201-082
value: MEDIUM

Trust: 0.6

IVD: 65a1275c-1f7d-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: 3d08cffe-2354-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-52477
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2011-4532
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: 65a1275c-1f7d-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 3d08cffe-2354-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-52477
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 65a1275c-1f7d-11e6-abef-000c29c66e3d // IVD: 3d08cffe-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-52477 // JVNDB: JVNDB-2012-001031 // CNNVD: CNNVD-201201-082 // NVD: CVE-2011-4532

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-52477 // JVNDB: JVNDB-2012-001031 // NVD: CVE-2011-4532

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201111-483 // CNNVD: CNNVD-201201-082

TYPE

Path traversal

Trust: 1.0

sources: IVD: 65a1275c-1f7d-11e6-abef-000c29c66e3d // IVD: 3d08cffe-2354-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201201-082

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001031

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-52477

PATCH

title:57252401url:http://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll&objId=57252401&objAction=csView&nodeid0=17323948&lang=en&siteid=cseus&aktprim=0&extranet=standard&viewreg=WW&load=content

Trust: 0.8

title:114358url:http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=114358&caller=view

Trust: 0.8

title:ソリューションパートナーurl:http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx

Trust: 0.8

title:Top Pageurl:http://www.siemens.com/entry/jp/ja/

Trust: 0.8

title:Siemens Automation License Manager 'almaxcx.dll' ActiveX arbitrary file coverage vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/72715

Trust: 0.6

sources: CNVD: CNVD-2011-5100 // JVNDB: JVNDB-2012-001031

EXTERNAL IDS

db:NVDid:CVE-2011-4532

Trust: 3.2

db:ICS CERTid:ICSA-11-361-01

Trust: 2.5

db:BIDid:50831

Trust: 1.6

db:CNNVDid:CNNVD-201201-082

Trust: 1.1

db:CNVDid:CNVD-2011-5100

Trust: 0.8

db:JVNDBid:JVNDB-2012-001031

Trust: 0.8

db:CNNVDid:CNNVD-201111-483

Trust: 0.6

db:IVDid:65A1275C-1F7D-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:IVDid:3D08CFFE-2354-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:EXPLOIT-DBid:18165

Trust: 0.1

db:SEEBUGid:SSVID-89651

Trust: 0.1

db:VULHUBid:VHN-52477

Trust: 0.1

sources: IVD: 65a1275c-1f7d-11e6-abef-000c29c66e3d // IVD: 3d08cffe-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5100 // VULHUB: VHN-52477 // BID: 50831 // JVNDB: JVNDB-2012-001031 // CNNVD: CNNVD-201111-483 // CNNVD: CNNVD-201201-082 // NVD: CVE-2011-4532

REFERENCES

url:http://aluigi.altervista.org/adv/almsrvx_1-adv.txt

Trust: 2.6

url:http://www.us-cert.gov/control_systems/pdf/icsa-11-361-01.pdf

Trust: 2.5

url:http://support.automation.siemens.com/ww/view/en/114358

Trust: 1.7

url:http://support.automation.siemens.com/ww/llisapi.dll/57252401?func=ll&objid=57252401&objaction=csview&nodeid0=17323948&lang=en&siteid=cseus&aktprim=0&extranet=standard&viewreg=ww&load=content

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4532

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4532

Trust: 0.8

url:http://www.securityfocus.com/bid/50831

Trust: 0.6

url:http://support.automation.siemens.com/ww/llisapi.dll?func=cslib.csinfo&lang=en&siteid=cseus&aktprim=0&extranet=standard&viewreg=ww&objid=17323948&tree

Trust: 0.3

url:/archive/1/520660

Trust: 0.3

url:http://support.automation.siemens.com/ww/llisapi.dll/57252401?func=ll&objid=57252401&objaction=csview&nodeid0=17323948&lang=en&siteid=cseus&aktprim=0&extranet=standard&viewreg=ww&load=content

Trust: 0.1

sources: CNVD: CNVD-2011-5100 // VULHUB: VHN-52477 // BID: 50831 // JVNDB: JVNDB-2012-001031 // CNNVD: CNNVD-201111-483 // CNNVD: CNNVD-201201-082 // NVD: CVE-2011-4532

CREDITS

Luigi Auriemma

Trust: 0.9

sources: BID: 50831 // CNNVD: CNNVD-201111-483

SOURCES

db:IVDid:65a1275c-1f7d-11e6-abef-000c29c66e3d
db:IVDid:3d08cffe-2354-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2011-5100
db:VULHUBid:VHN-52477
db:BIDid:50831
db:JVNDBid:JVNDB-2012-001031
db:CNNVDid:CNNVD-201111-483
db:CNNVDid:CNNVD-201201-082
db:NVDid:CVE-2011-4532

LAST UPDATE DATE

2024-08-14T14:34:35.774000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2011-5100date:2016-03-15T00:00:00
db:VULHUBid:VHN-52477date:2012-01-09T00:00:00
db:BIDid:50831date:2012-01-03T21:50:00
db:JVNDBid:JVNDB-2012-001031date:2012-01-11T00:00:00
db:CNNVDid:CNNVD-201111-483date:2011-11-30T00:00:00
db:CNNVDid:CNNVD-201201-082date:2012-01-11T00:00:00
db:NVDid:CVE-2011-4532date:2012-01-09T05:00:00

SOURCES RELEASE DATE

db:IVDid:65a1275c-1f7d-11e6-abef-000c29c66e3ddate:2011-12-05T00:00:00
db:IVDid:3d08cffe-2354-11e6-abef-000c29c66e3ddate:2012-01-11T00:00:00
db:CNVDid:CNVD-2011-5100date:2011-12-05T00:00:00
db:VULHUBid:VHN-52477date:2012-01-08T00:00:00
db:BIDid:50831date:2011-11-28T00:00:00
db:JVNDBid:JVNDB-2012-001031date:2012-01-11T00:00:00
db:CNNVDid:CNNVD-201111-483date:1900-01-01T00:00:00
db:CNNVDid:CNNVD-201201-082date:2012-01-11T00:00:00
db:NVDid:CVE-2011-4532date:2012-01-08T20:55:01.343