Description
A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6.0 (All versions < V6.0 SP12 Upd3), Automation License Manager V6.2 (All versions < V6.2 Upd3). Affected applications do not properly validate certain fields in incoming network packets on port 4410/tcp. This could allow an unauthenticated remote attacker to cause an integer overflow and crash of the application. This denial of service condition could prevent legitimate users from using subsequent products that rely on the affected application for license verification.
References (1)
Core 1
Core References
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-103653.html
Scores
CVSS v3
8.6
EPSS
0.1379
EPSS Percentile
94.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-190
Status
published
Products (3)
Siemens/Automation License Manager V5
Siemens/Automation License Manager V6.0
< V6.0 SP12 Upd3
Siemens/Automation License Manager V6.2
< V6.2 Upd3
Published
Sep 10, 2024
Tracked Since
Feb 18, 2026