You are here

U-047: Siemens Automation License Manager Bugs Let Remote Users Deny Service or Execute Arbitrary Code

November 29, 2011 - 9:00am

Addthis

PROBLEM:

Siemens Automation License Manager Bugs Let Remote Users Deny Service or Execute Arbitrary Code.

PLATFORM:

Siemens Automation License Manager 500.0.122.1

ABSTRACT:

Several vulnerabilities were reported in Siemens Automation License Manager.

reference LINKS:

SecurityTracker Alert ID: 1026354
Bugtraq
Siemens Advisory Services

IMPACT ASSESSMENT:

Medium

Discussion:

A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions.
A remote user can send specially crafted *_licensekey commands to trigger a buffer overflow and execute arbitrary code on the target system. The code will run with the privileges of the target service.
A remote user can send specially crafted data to trigger an exception or null pointer dereference.
A remote user can create specially crafted HTML that, when loaded by the target user, will invoke the ALMListCtr ActiveX control and overwrite arbitrary files with the privileges of the target user. The CLSID of the vulnerable control is: E57AF4A2-EF57-41D0-8512-FECDA78F1FE7

Impact:

A remote user can execute arbitrary code on the target system.

Solution:

No solution was available at the time of this entry.

Addthis