Sign-up

ID

VAR-201212-0032


CVE

CVE-2012-4691


TITLE

Siemens Automation License Manager Denial of service vulnerability

Trust: 1.4

sources: IVD: 2d96ffb0-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-7524 // CNNVD: CNNVD-201212-250

DESCRIPTION

Memory leak in Siemens Automation License Manager (ALM) 4.x and 5.x before 5.2 allows remote attackers to cause a denial of service (memory consumption) via crafted packets. The Siemens Automation License Manager is the certificate management software used by various Siemens software products. The following products are affected by this vulnerability: SIMATIC (eg STEP 7) SIMATIC HMI (eg WinCC, WinCC flexible) SIMATIC PCS 7 SIMOTION (eg Scout) SIMATIC NET SINAMICS (eg Starter) SIMOCODE. Successful exploits will cause an affected application to cause a memory leakage and terminate the application, denying service to legitimate users

Trust: 2.7

sources: NVD: CVE-2012-4691 // JVNDB: JVNDB-2012-005759 // CNVD: CNVD-2012-7524 // BID: 56954 // IVD: 2d96ffb0-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-57972

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 2d96ffb0-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-7524

AFFECTED PRODUCTS

vendor:siemensmodel:automation license managerscope:eqversion:4.0

Trust: 1.9

vendor:siemensmodel:automation license managerscope:eqversion:5.1

Trust: 1.6

vendor:siemensmodel:automation license managerscope:eqversion:5.0

Trust: 1.6

vendor:siemensmodel:automation license managerscope:eqversion:5.2

Trust: 1.1

vendor:siemensmodel:automation license managerscope:ltversion:5.x

Trust: 0.8

vendor:siemensmodel:automation license managerscope:eqversion:4.x

Trust: 0.8

vendor:siemensmodel:automation license managerscope: - version: -

Trust: 0.6

vendor:automation license managermodel: - scope:eqversion:5.1

Trust: 0.4

vendor:siemensmodel:sinamicsscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simotionscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simocodescope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic pcs7 sp2scope:eqversion:7.1

Trust: 0.3

vendor:siemensmodel:simatic netscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic hmiscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic stepscope:eqversion:75.5.2

Trust: 0.3

vendor:siemensmodel:simatic stepscope:eqversion:75.5.1

Trust: 0.3

vendor:siemensmodel:simatic stepscope:eqversion:75.5

Trust: 0.3

vendor:automation license managermodel: - scope:eqversion:4.0

Trust: 0.2

vendor:automation license managermodel: - scope:eqversion:5.0

Trust: 0.2

sources: IVD: 2d96ffb0-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-7524 // BID: 56954 // JVNDB: JVNDB-2012-005759 // CNNVD: CNNVD-201212-250 // NVD: CVE-2012-4691

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-4691
value: LOW

Trust: 1.0

NVD: CVE-2012-4691
value: LOW

Trust: 0.8

CNNVD: CNNVD-201212-250
value: LOW

Trust: 0.6

IVD: 2d96ffb0-2353-11e6-abef-000c29c66e3d
value: LOW

Trust: 0.2

VULHUB: VHN-57972
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2012-4691
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: 2d96ffb0-2353-11e6-abef-000c29c66e3d
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-57972
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 2d96ffb0-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-57972 // JVNDB: JVNDB-2012-005759 // CNNVD: CNNVD-201212-250 // NVD: CVE-2012-4691

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-57972 // JVNDB: JVNDB-2012-005759 // NVD: CVE-2012-4691

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201212-250

TYPE

Resource management error

Trust: 0.8

sources: IVD: 2d96ffb0-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201212-250

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-005759

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-57972

PATCH
title:Top Pageurl:http://www.siemens.com/entry/cc/en/
Trust: 0.8
title:SSA-783261: Denial-of-Service vulnerability in Siemens Automation License Manager (ALM)url:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-783261.pdf
Trust: 0.8
title:シーメンスソリューションパートナーurl:http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx
Trust: 0.8
title:シーメンス・ジャパン株式会社url:http://www.siemens.com/answers/jp/ja/
Trust: 0.8
title:Siemens Automation License Manager denial of service vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/26615
Trust: 0.6
title:ALMv5_2url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45585
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2012-7524 // 
            
            
            
            JVNDB: JVNDB-2012-005759 // 
            
            
            
            CNNVD: CNNVD-201212-250

EXTERNAL IDS
db:NVDid:CVE-2012-4691
Trust: 3.6
db:ICS CERTid:ICSA-12-349-01
Trust: 3.4
db:SIEMENSid:SSA-783261
Trust: 1.7
db:BIDid:56954
Trust: 1.0
db:CNNVDid:CNNVD-201212-250
Trust: 0.9
db:CNVDid:CNVD-2012-7524
Trust: 0.8
db:JVNDBid:JVNDB-2012-005759
Trust: 0.8
db:IVDid:2D96FFB0-2353-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-57972
Trust: 0.1
sources:
            
            
            IVD: 2d96ffb0-2353-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2012-7524 // 
            
            
            
            VULHUB: VHN-57972 // 
            
            
            
            BID: 56954 // 
            
            
            
            JVNDB: JVNDB-2012-005759 // 
            
            
            
            CNNVD: CNNVD-201212-250 // 
            
            
            
            NVD: CVE-2012-4691

REFERENCES
url:http://www.us-cert.gov/control_systems/pdf/icsa-12-349-01.pdf
Trust: 2.8
url:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-783261.pdf
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4691
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4691
Trust: 0.8
url:http://www.us-cert.gov/control_systems/pdf/icsa-12-349-01.pdfhttp
Trust: 0.6
url:http://www.securityfocus.com/bid/56954
Trust: 0.6
url:http://support.automation.siemens.com/ww/llisapi.dll?func=cslib.csinfo&lang=en&siteid=cseus&aktprim=0&extranet=standard&viewreg=ww&objid=17323948&tree
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2012-7524 // 
            
            
            
            VULHUB: VHN-57972 // 
            
            
            
            BID: 56954 // 
            
            
            
            JVNDB: JVNDB-2012-005759 // 
            
            
            
            CNNVD: CNNVD-201212-250 // 
            
            
            
            NVD: CVE-2012-4691

CREDITS
CERT
Trust: 0.9
sources:
            
            
            BID: 56954 // 
            
            
            
            CNNVD: CNNVD-201212-250

SOURCES
db:IVDid:2d96ffb0-2353-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2012-7524
db:VULHUBid:VHN-57972
db:BIDid:56954
db:JVNDBid:JVNDB-2012-005759
db:CNNVDid:CNNVD-201212-250
db:NVDid:CVE-2012-4691

LAST UPDATE DATE
2024-08-14T13:48:39.195000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2012-7524date:2012-12-19T00:00:00
db:VULHUBid:VHN-57972date:2013-01-29T00:00:00
db:BIDid:56954date:2015-03-19T08:25:00
db:JVNDBid:JVNDB-2012-005759date:2012-12-20T00:00:00
db:CNNVDid:CNNVD-201212-250date:2012-12-19T00:00:00
db:NVDid:CVE-2012-4691date:2013-01-29T05:00:00

SOURCES RELEASE DATE
db:IVDid:2d96ffb0-2353-11e6-abef-000c29c66e3ddate:2012-12-19T00:00:00
db:CNVDid:CNVD-2012-7524date:2012-12-19T00:00:00
db:VULHUBid:VHN-57972date:2012-12-18T00:00:00
db:BIDid:56954date:2012-12-14T00:00:00
db:JVNDBid:JVNDB-2012-005759date:2012-12-20T00:00:00
db:CNNVDid:CNNVD-201212-250date:2012-12-19T00:00:00
db:NVDid:CVE-2012-4691date:2012-12-18T12:30:05.810