Denial of service in Siemens Automation License Manager - CVE-2016-8563
Published: October 13, 2016 / Updated: October 14, 2016
Vulnerability identifier: #VU981
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-8563
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Siemens
Affected software:
Siemens Automation License Manager
Detailed vulnerability description
The vulnerability allows a remote unauthenticated user to cause DoS conditions on the target system.
The weakness is due to improper input validation. By sending specially crafted packets to TCP port 4410, an attacker can cause the ALM service to crash. A manual restart is necessary to restore normal system functionality.
Successful exploitation of the vulnerability leads to denial of service on the vulnerable system.
How to mitigate CVE-2016-8563
Install version 5.3 SP3 Update 1.