CVE-2018-11455 Information
Feb 14, 2021
cve
Description
A vulnerability has been identified in Automation License Manager 5 (All versions 5.3.4.4) Automation License Manager 6 (All versions 6.0.1). A directory traversal vulnerability could allow a remote attacker to move arbitrary files which can result in code execution compromising confidentiality integrity and availability of the system. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges or special conditions of the system but user interaction is required.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Reference
http://www.securityfocus.com/bid/105114 https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdf
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
8.8
Share on: