Information disclosure in Siemens Automation License Manager - CVE-2016-8565
Published: October 14, 2016
Vulnerability identifier: #VU983
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-8565
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Siemens
Affected software:
Siemens Automation License Manager
Detailed vulnerability description
The vulnerability allows a remote unauthenticated user to read and modify important data on the target system.
The weakness is due to improper input validation. By sending specially crafted packets of upload files, attackers can create and delete directories or move existing files on the hard disk.
Successful exploitation of the vulnerability results in disclosure and modification of information.
How to mitigate CVE-2016-8565
Install version 5.3 SP3 Update 1.