Main Vulnerability Database Vulnerabilities #VU14417

Relative path traversal in Siemens Automation License Manager - CVE-2018-11455

Published: August 14, 2018 / Updated: August 15, 2018

Vulnerability identifier: #VU14417

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-11455

CWE-ID: CWE-23

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Siemens

Affected software:
Siemens Automation License Manager

Detailed vulnerability description

The vulnerability allows a remote attacker to conduct directory traversal attack on the target system.

The vulnerability exists due to relative path traversal. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, move arbitrary files to conduct path traversal attack and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2018-11455

Update to version 6.0.1.

Sources

https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdf

Relative path traversal in Siemens Automation License Manager - CVE-2018-11455

Detailed vulnerability description

How to mitigate CVE-2018-11455

Sources

Please verify you're human