ID

VAR-202409-0295


CVE

CVE-2024-44087


TITLE

Siemens Automation License Manager Denial of Service Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-38022

DESCRIPTION

A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6.0 (All versions), Automation License Manager V6.2 (All versions < V6.2 Upd3). Affected applications do not properly validate certain fields in incoming network packets on port 4410/tcp. This could allow an unauthenticated remote attacker to cause an integer overflow and crash of the application. This denial of service condition could prevent legitimate users from using subsequent products that rely on the affected application for license verification.

Trust: 1.44

sources: NVD: CVE-2024-44087 // CNVD: CNVD-2024-38022

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-38022

AFFECTED PRODUCTS

vendor: siemens, model: automation license manager, scope: eq, version: v6.2

Trust: 0.6

vendor: siemens, model: automation license manager, scope: eq, version: v6.0

Trust: 0.6

vendor: siemens, model: automation license manager, scope: eq, version: v5

Trust: 0.6

sources: CNVD: CNVD-2024-38022

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2024-44087
value: CRITICAL

Trust: 1.0

CNVD: CNVD-2024-38022
value: HIGH

Trust: 0.6

CNVD: CNVD-2024-38022
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

productcert@siemens.com: CVE-2024-44087
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-38022 // NVD: CVE-2024-44087

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.0

sources: NVD: CVE-2024-44087

PATCH

title: Patch for Siemens Automation License Manager Denial of Service Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/590276

Trust: 0.6

sources: CNVD: CNVD-2024-38022

EXTERNAL IDS

db: NVD, id: CVE-2024-44087

Trust: 1.6

db: SIEMENS, id: SSA-103653

Trust: 1.6

db: CNVD, id: CNVD-2024-38022

Trust: 0.6

sources: CNVD: CNVD-2024-38022 // NVD: CVE-2024-44087

REFERENCES

url: https://cert-portal.siemens.com/productcert/html/ssa-103653.html

Trust: 1.6

sources: CNVD: CNVD-2024-38022 // NVD: CVE-2024-44087

SOURCES

db: CNVD, id: CNVD-2024-38022
db: NVD, id: CVE-2024-44087

LAST UPDATE DATE

2024-09-13T23:31:05.351000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-38022, date: 2024-09-12T00:00:00
db: NVD, id: CVE-2024-44087, date: 2024-09-10T12:09:50.377

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-38022, date: 2024-09-12T00:00:00
db: NVD, id: CVE-2024-44087, date: 2024-09-10T10:15:13.140