CVE-2011-4530

Siemens Automation License Manager < 5.1 - Denial of Service via Long Field Input

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-4530.

AI-analyzed exploit summary This is a detailed technical analysis of multiple vulnerabilities in Siemens Automation License Manager, including buffer overflow, exceptions, NULL pointer dereference, and file overwriting. The writeup provides specific details on affected functions and exploitation methods.

Description

Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 does not properly copy fields obtained from clients, which allows remote attackers to cause a denial of service (exception and daemon crash) via long fields, as demonstrated by fields to the (1) open_session->workstation->NAME or (2) grant->VERSION function.

Exploits (1)

exploitdb WRITEUP
doswindows
https://www.exploit-db.com/exploits/18165

This is a detailed technical analysis of multiple vulnerabilities in Siemens Automation License Manager, including buffer overflow, exceptions, NULL pointer dereference, and file overwriting. The writeup provides specific details on affected functions and exploitation methods.

Classification
Writeup 90%
Attack Type
Rce | Dos
Complexity
Moderate
Reliability
Reliable
Target: Siemens Automation License Manager <= 500.0.122.1
No auth needed
Prerequisites: Network access to the Siemens Automation License Manager service
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4

Scores

EPSS 0.0444
EPSS Percentile 90.1%

Details

CWE
CWE-20
Status published
Products (1)
siemens/automation_license_manager < 5.1
Published Jan 08, 2012
Tracked Since Feb 18, 2026