SQL injection in Siemens Automation License Manager
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2016-8564 |
| CWE-ID | CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Siemens Automation License Manager Server applications / SCADA systems |
| Vendor | Siemens |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) SQL injection
EUVDB-ID: #VU982
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-8564
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated user to execute SQL commands on the target system.
The weakness is due to improper input validation. By supplying a specially crafted parameter value to TCP port 4410 atackers can execute SQL commands on the database that allows to access configuration settings.
Successful exploitation of the vulnerability results in SQL commands execution on the vulnerable system.
Install version 5.3 SP3 Update 1.
Vulnerable software versionsSiemens Automation License Manager: 5.3 SP3
CPE2.3 External linkshttps://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284342.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
