CVE-2012-4691
low
CVSS v3: —
CVSS v2: 3.3
VIR risk: 3.3
Description
Memory leak in Siemens Automation License Manager (ALM) 4.x and 5.x before 5.2 allows remote attackers to cause a denial of service (memory consumption) via crafted packets.
Predictions
Exploit likelihood: 20%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: ics-cert@hq.dhs.gov — http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-783261.pdf
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| siemens | automation_license_manager | 4.0 | |
| siemens | automation_license_manager | 5.0 | |
| siemens | automation_license_manager | 5.1 | |
References
- http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-783261.pdf
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-349-01.pdf
CWEs
CWE-399