ID

VAR-201212-0032


CVE

CVE-2012-4691


TITLE

Siemens Automation License Manager Denial of service vulnerability

Trust: 1.4

sources: IVD: 2d96ffb0-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-7524 // CNNVD: CNNVD-201212-250

DESCRIPTION

Memory leak in Siemens Automation License Manager (ALM) 4.x and 5.x before 5.2 allows remote attackers to cause a denial of service (memory consumption) via crafted packets. The Siemens Automation License Manager is the certificate management software used by various Siemens software products. The following products are affected by this vulnerability: SIMATIC (e.g. STEP 7), SIMATIC HMI (e.g. WinCC, WinCC flexible), SIMATIC PCS 7, SIMOTION (e.g. Scout), SIMATIC NET, SINAMICS (e.g. Starter), SIMOCODE. Successful exploits cause the affected application to leak memory and terminate, denying service to legitimate users.

Trust: 2.7

sources: NVD: CVE-2012-4691 // JVNDB: JVNDB-2012-005759 // CNVD: CNVD-2012-7524 // BID: 56954 // IVD: 2d96ffb0-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-57972

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 2d96ffb0-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-7524

AFFECTED PRODUCTS

vendor: siemens, model: automation license manager, scope: eq, version: 4.0

Trust: 1.9

vendor: siemens, model: automation license manager, scope: eq, version: 5.1

Trust: 1.6

vendor: siemens, model: automation license manager, scope: eq, version: 5.0

Trust: 1.6

vendor: siemens, model: automation license manager, scope: eq, version: 5.2

Trust: 1.1

vendor: siemens, model: automation license manager, scope: lt, version: 5.x

Trust: 0.8

vendor: siemens, model: automation license manager, scope: eq, version: 4.x

Trust: 0.8

vendor: siemens, model: automation license manager, scope: -, version: -

Trust: 0.6

vendor: automation license manager, model: -, scope: eq, version: 5.1

Trust: 0.4

vendor: siemens, model: sinamics, scope: eq, version: 0

Trust: 0.3

vendor: siemens, model: simotion, scope: eq, version: 0

Trust: 0.3

vendor: siemens, model: simocode, scope: eq, version: 0

Trust: 0.3

vendor: siemens, model: simatic pcs7 sp2, scope: eq, version: 7.1

Trust: 0.3

vendor: siemens, model: simatic net, scope: eq, version: 0

Trust: 0.3

vendor: siemens, model: simatic hmi, scope: eq, version: 0

Trust: 0.3

vendor: siemens, model: simatic step, scope: eq, version: 75.5.2

Trust: 0.3

vendor: siemens, model: simatic step, scope: eq, version: 75.5.1

Trust: 0.3

vendor: siemens, model: simatic step, scope: eq, version: 75.5

Trust: 0.3

vendor: automation license manager, model: -, scope: eq, version: 4.0

Trust: 0.2

vendor: automation license manager, model: -, scope: eq, version: 5.0

Trust: 0.2

sources: IVD: 2d96ffb0-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-7524 // BID: 56954 // JVNDB: JVNDB-2012-005759 // CNNVD: CNNVD-201212-250 // NVD: CVE-2012-4691

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-4691
value: LOW

Trust: 1.0

NVD: CVE-2012-4691
value: LOW

Trust: 0.8

CNNVD: CNNVD-201212-250
value: LOW

Trust: 0.6

IVD: 2d96ffb0-2353-11e6-abef-000c29c66e3d
value: LOW

Trust: 0.2

VULHUB: VHN-57972
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2012-4691
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: 2d96ffb0-2353-11e6-abef-000c29c66e3d
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-57972
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 2d96ffb0-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-57972 // JVNDB: JVNDB-2012-005759 // CNNVD: CNNVD-201212-250 // NVD: CVE-2012-4691

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-57972 // JVNDB: JVNDB-2012-005759 // NVD: CVE-2012-4691

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201212-250

TYPE

Resource management error

Trust: 0.8

sources: IVD: 2d96ffb0-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201212-250

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-005759

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-57972

PATCH

title: Top Page, url: http://www.siemens.com/entry/cc/en/

Trust: 0.8

title: SSA-783261: Denial-of-Service vulnerability in Siemens Automation License Manager (ALM), url: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-783261.pdf

Trust: 0.8

title: Siemens Solution Partner, url: http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx

Trust: 0.8

title: Siemens Japan K.K., url: http://www.siemens.com/answers/jp/ja/

Trust: 0.8

title: Siemens Automation License Manager denial of service vulnerability patch, url: https://www.cnvd.org.cn/patchInfo/show/26615

Trust: 0.6

title: ALMv5_2, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45585

Trust: 0.6

sources: CNVD: CNVD-2012-7524 // JVNDB: JVNDB-2012-005759 // CNNVD: CNNVD-201212-250

EXTERNAL IDS

db: NVD, id: CVE-2012-4691

Trust: 3.6

db: ICS CERT, id: ICSA-12-349-01

Trust: 3.4

db: SIEMENS, id: SSA-783261

Trust: 1.7

db: BID, id: 56954

Trust: 1.0

db: CNNVD, id: CNNVD-201212-250

Trust: 0.9

db: CNVD, id: CNVD-2012-7524

Trust: 0.8

db: JVNDB, id: JVNDB-2012-005759

Trust: 0.8

db: IVD, id: 2D96FFB0-2353-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULHUB, id: VHN-57972

Trust: 0.1

sources: IVD: 2d96ffb0-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-7524 // VULHUB: VHN-57972 // BID: 56954 // JVNDB: JVNDB-2012-005759 // CNNVD: CNNVD-201212-250 // NVD: CVE-2012-4691

REFERENCES

url:http://www.us-cert.gov/control_systems/pdf/icsa-12-349-01.pdf

Trust: 2.8

url:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-783261.pdf

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4691

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4691

Trust: 0.8

url:http://www.us-cert.gov/control_systems/pdf/icsa-12-349-01.pdfhttp

Trust: 0.6

url:http://www.securityfocus.com/bid/56954

Trust: 0.6

url:http://support.automation.siemens.com/ww/llisapi.dll?func=cslib.csinfo&lang=en&siteid=cseus&aktprim=0&extranet=standard&viewreg=ww&objid=17323948&tree

Trust: 0.3

sources: CNVD: CNVD-2012-7524 // VULHUB: VHN-57972 // BID: 56954 // JVNDB: JVNDB-2012-005759 // CNNVD: CNNVD-201212-250 // NVD: CVE-2012-4691

CREDITS

CERT

Trust: 0.9

sources: BID: 56954 // CNNVD: CNNVD-201212-250

SOURCES

db: IVD, id: 2d96ffb0-2353-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2012-7524
db: VULHUB, id: VHN-57972
db: BID, id: 56954
db: JVNDB, id: JVNDB-2012-005759
db: CNNVD, id: CNNVD-201212-250
db: NVD, id: CVE-2012-4691

LAST UPDATE DATE

2024-08-14T13:48:39.195000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2012-7524, date: 2012-12-19T00:00:00
db: VULHUB, id: VHN-57972, date: 2013-01-29T00:00:00
db: BID, id: 56954, date: 2015-03-19T08:25:00
db: JVNDB, id: JVNDB-2012-005759, date: 2012-12-20T00:00:00
db: CNNVD, id: CNNVD-201212-250, date: 2012-12-19T00:00:00
db: NVD, id: CVE-2012-4691, date: 2013-01-29T05:00:00

SOURCES RELEASE DATE

db: IVD, id: 2d96ffb0-2353-11e6-abef-000c29c66e3d, date: 2012-12-19T00:00:00
db: CNVD, id: CNVD-2012-7524, date: 2012-12-19T00:00:00
db: VULHUB, id: VHN-57972, date: 2012-12-18T00:00:00
db: BID, id: 56954, date: 2012-12-14T00:00:00
db: JVNDB, id: JVNDB-2012-005759, date: 2012-12-20T00:00:00
db: CNNVD, id: CNNVD-201212-250, date: 2012-12-19T00:00:00
db: NVD, id: CVE-2012-4691, date: 2012-12-18T12:30:05.810